Hardening of a RHEL Linux System.
Current Version: B00
Prerequisites:
Knowledge equivalent to the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses
Supported Distributions:
Red Hat Enterprise Linux 7
Course Outline:
- Security Concepts
- Basic Security Principles
- RHEL7 Default Install
- Minimization – Discovery
- Service Discovery
- Hardening
- Security Concepts
- Removing Packages Using RPM
- Firewall Configuration
- Process Discovery
- Operation of the setuid() and capset() System Calls
- Operation of the chroot() System Call
- Introduction to Troubleshooting Labs
- Scanning, Probing, and Mapping Vulnerabilities
- The Security Environment
- Stealth Reconnaissance
- The WHOIS database
- Interrogating DNS
- Discovering Hosts
- Discovering Reachable Services
- Reconnaissance with SNMP
- Discovery of RPC Services
- Enumerating NFS Shares
- Nessus/OpenVAS Vulnerability Scanner
- Configuring OpenVAS
- Intrusion Detection Systems
- Snort Rules
- Writing Snort Rules
- Nmap
- OpenVAS
- Advanced Nmap Options
- Tracking Security Updates and Software Maintenance
- Security Advisories
- Managing Software
- RPM Features
- RPM Architecture
- RPM Package Files
- Working With RPMs
- Querying and Verifying with RPM
- Updating the Kernel RPM
- Dealing With RPM & Yum Digest Changes
- Using the Yum command
- Using Yum history
- Yum Plugins & RHN Subscription Manager
- YUM Repositories
- Managing Software with RPM
- Creating a Custom RPM Repository
- Querying the RPM Database
- Using Yum
- Manage The Filesystem
- Partitioning Disks with fdisk & gdisk
- Resizing a GPT Partition with gdisk
- Partitioning Disks with parted
- Filesystem Creation
- Persistent Block Devices
- Mounting Filesystems
- Filesystem Maintenance
- Swap
- Creating and Managing Filesystems
- Hot Adding Swap
- Securing the Filesystem
- Configuring Disk Quotas
- Setting Quotas
- Viewing and Monitoring Quotas
- Filesystem Attributes
- Filesystem Mount Options
- GPG – GNU Privacy Guard
- File Encryption with OpenSSL
- File Encryption With encfs
- Linux Unified Key Setup (LUKS)
- Setting User Quotas
- Securing Filesystems
- Securing NFS
- File Encryption with GPG
- File Encryption With OpenSSL
- Encrypted Filesystems with the LUKS On-Disk Format
- Manage Special Permissions
- File and Directory Permissions
- File Creation Permissions with umask
- SUID and SGID on files
- SGID and Sticky Bit on Directories
- Changing File Permissions
- User Private Group Scheme
- Manage File Access Controls
- File Access Control Lists
- Manipulating FACLs
- Viewing FACLs
- Backing Up FACLs
- Using Filesystem ACLs
- Monitor for Filesystem Changes
- Host Intrusion Detection Systems
- Using RPM as a HIDS
- Introduction to AIDE
- AIDE Installation
- AIDE Policies
- AIDE Usage
- File Integrity Checking with RPM
- File Integrity Checking with AIDE
- Manage User Accounts
- Approaches to Storing User Accounts
- User and Group Concepts
- User Administration
- Modifying Accounts
- Group Administration
- Red Hat Directory Server (RHEL DS) Client Configuration
- System Security Services Daemon (SSSD)
- User Private Groups
- Password Security and PAM
- Unix Passwords
- Password Aging
- Auditing Passwords
- PAM Overview
- PAM Module Types
- PAM Order of Processing
- PAM Control Statements
- PAM Modules
- pam_unix.so
- pam_cracklib.so
- pam_env.so
- pam_xauth.so
- pam_tally2.so
- pam_wheel.so
- pam_limits.so
- pam_nologin.so
- pam_deny.so
- pam_warn.so
- pam_securetty.so
- pam_time.so
- pam_access.so
- pam_listfile.so
- pam_lastlog.so
- pam_console.so
- John the Ripper
- Cracklib
- Using pam_listfile to Implement Arbitrary ACLs
- Using pam_limits to Restrict Simultaneous Logins
- Using pam_nologin to Restrict Logins
- Using pam_access to Restrict Logins
- su & pam
- Using FreeIPA for Centralized Authentication
- What Is FreeIPA?
- FreeIPA Features
- FreeIPA Installation
- FreeIPA Client Installation
- User, Group, And Host Management
- User, Group, And Host Management
- FreeIPA Active Directory Integration
- Log File Administration
- System Logging
- systemd Journal
- systemd Journal's journalctl
- Secure Logging with Journal's Log Sealing
- gnome-system-log
- Rsyslog
- /etc/rsyslog.conf
- Log Management
- Log Anomaly Detector
- Sending logs from the shell
- Using the systemd Journal
- Setting up a Full Debug Logfile
- Remote Syslog Configuration
- Remote Rsyslog TLS Configuration
- Accountability with Kernel Auditd
- Accountability and Auditing
- Simple Session Auditing
- Simple Process Accounting & Command History
- Kernel-Level Auditing
- Configuring the Audit Daemon
- Controlling Kernel Audit System
- Creating Audit Rules
- Searching Audit Logs
- Generating Audit Log Reports
- Audit Log Analysis
- Auditing Login/Logout
- Auditing File Access
- Auditing Command Execution
- Securing Services
- Xinetd
- Xinetd Connection Limiting and Access Control
- Xinetd: Resource Limits, Redirection, Logging
- TCP Wrappers
- The /etc/hosts.allow & /etc/hosts.deny Files
- /etc/hosts.{allow,deny} Shortcuts
- Advanced TCP Wrappers
- FirewallD
- Netfilter: Stateful Packet Filter Firewall
- Netfilter Concepts
- Using the iptables Command
- Netfilter Rule Syntax
- Targets
- Common match_specs
- Connection Tracking
- Securing xinetd Services
- Enforcing Security Policy with xinetd
- Securing Services with TCP Wrappers
- Securing Services with Netfilter
- FirewallD
- Troubleshooting Practice
- SELinux
- DAC vs. MAC
- Shortcomings of Traditional Unix Security
- SELinux Goals
- SELinux Evolution
- SELinux Modes
- Gathering SELinux Information
- SELinux Virtual Filesystem
- SELinux Contexts
- Managing Contexts
- The SELinux Policy
- Choosing an SELinux Policy
- Policy Layout
- Tuning and Adapting Policy
- Booleans
- Permissive Domains
- Managing File Context Database
- Managing Port Contexts
- SELinux Policy Tools
- Examining Policy
- SELinux Troubleshooting
- SELinux Troubleshooting Continued
- Exploring SELinux Modes
- SELinux File Contexts
- SELinux Contexts in Action
- Managing SELinux Booleans
- Creating Policy with Audit2allow
- Creating & Compiling Policy from Source
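The "Using RPM as a HIDS" and "File Integrity Checking with RPM" items in the outline above rest on one command, `rpm -Va`, and on reading its attribute column correctly. The script below is an added example, not course material: it parses `rpm -V` output and ranks each line by what a HIDS operator would act on first. The sample output embedded in it is constructed for the example, and the severity rules (config files may legitimately differ in size, digest and mtime; a digest, mode, ownership or capability change on any other packaged file is high) are this example's assumptions, not a setting of rpm.

```python
import re

# Constructed sample of `rpm -Va` output for this example; these lines were
# written by hand and were not captured from a real RHEL 7 host.
SAMPLE_RPM_VA = """\
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/bin/passwd
S.5....T.    /usr/sbin/sshd
.......T.    /usr/lib64/libcrypto.so.1.0.2k
missing     /usr/bin/chage
.....UG..    /var/log/audit
..?......    /usr/bin/sudo
"""

# Meaning of each position in the rpm -V attribute string (see rpm(8)).
FLAG_MEANING = {
    "S": "size", "M": "mode", "5": "digest", "D": "device major/minor",
    "L": "symlink target", "U": "owner", "G": "group", "T": "mtime",
    "P": "capabilities",
}

# Line layout: <flags or "missing">  <file type: c d g l r or blank> <path>
LINE_RE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+(?:(?P<type>[cdglr])\s+)?(?P<path>/\S.*)$"
)


def parse_rpm_verify(output):
    """Turn rpm -V text into a list of finding dicts; raise on unknown lines."""
    findings = []
    for raw in output.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised rpm -V line: %r" % line)
        flags = m.group("flags")
        findings.append({
            "path": m.group("path"),
            "config": m.group("type") == "c",          # %config file in the package
            "missing": flags == "missing",
            # attribute letters that failed; '.' passed, '?' could not be tested
            "changed": set() if flags == "missing" else {c for c in flags if c not in ".?"},
            "unverifiable": "?" in flags,
        })
    return findings


def severity(finding):
    """Assumed ranking for this example: what to look at first."""
    if finding["missing"]:
        return "high"        # a packaged file has been deleted
    if finding["unverifiable"]:
        return "review"      # rpm could not run a test, e.g. unreadable file
    changed = finding["changed"]
    if finding["config"]:
        # Locally edited config files legitimately differ in size, digest, mtime.
        return "info" if changed <= {"S", "5", "T"} else "medium"
    if changed & {"5", "M", "U", "G", "P", "L", "D"}:
        return "high"        # content, permissions, ownership, caps or link target
    if changed <= {"T"}:
        return "low"         # mtime alone: touch or restore, content intact
    return "medium"


def describe(finding):
    """Human-readable list of what differs from the package."""
    if finding["missing"]:
        return "missing"
    names = [FLAG_MEANING[c] for c in sorted(finding["changed"])]
    return ", ".join(names) if names else "not verifiable"


def triage(output):
    """Map path -> severity for every line of rpm -V output."""
    return {f["path"]: severity(f) for f in parse_rpm_verify(output)}


if __name__ == "__main__":
    import sys
    # Pipe real output in: rpm -Va 2>/dev/null | python3 rpmv_triage.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RPM_VA
    for f in parse_rpm_verify(text):
        print("%-6s %-40s %s" % (severity(f), f["path"], describe(f)))
```

Two caveats belong with this check. `rpm -V` compares files against the local RPM database, so an attacker who already has root can alter both; it is a quick first look, not a substitute for AIDE run against a baseline stored off the host (the outline's "File Integrity Checking with AIDE"). It also says nothing about files no package owns, such as a dropped-in cron job or a second sshd under /usr/local, which is why the AIDE policy should cover those paths too.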