Enterprise Linux Security Administration
CLASS DATE(s):
Request a Class

COURSE LENGTH: 5 Days

COURSE COST: $2495

COURSE TIMES: 9:00am - 4:30pm

COURSE OVERVIEW

This 5-day, highly technical course focuses on properly securing machines running the Linux operating system. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities, and know how to audit existing machines and how to securely deploy new network services.

AUDIENCE AND PREREQUISITES

System and network administrators working with wide network security and authentication.

  

*Course Cost listed does not include the cost of courseware or lunch, required in your registration. Please refer to your Enrollment Sales Order or Invoice for the additional cost. If you have any questions, please contact us (learn@vtec.org or 207-775-0244). Course subject to minimum enrollment.

COURSE TOPICS:


Security Concepts
Basic Security Principles
RHEL6 Default Install
RHEL6 Firewall
SLES11 Default Install
SLES11 Firewall
SLES11 File Security
Minimization - Discovery
Hardening
Security Concepts

Scanning, Probing and Mapping Vulnerabilities
The Security Environment
Stealth Reconnaissance
The WHOIS database
Interrogating DNS
Discovering Hosts
Discovering Reachable Services
Reconnaissance with SNMP
Discovery of RPC Services
Enumerating NFS Shares
Nessus Insecurity Scanner
Configuring OpenVAS

Password Security and PAM
UNIX Passwords
Password Aging
Auditing Passwords
PAM Overview
PAM Module Types
PAM Order of Processing
PAM Control Statements
PAM Modules

Secure Network Time Protocol (NTP)
The Importance of Time
Hardware and System Clock
NTP Terms and Definitions
Synchronization Methods
NTP Evolutions
Time Server Hierarchy
Operational Modes
NTP Clients
Configuring NTP Clients
Configuring NTP Servers
Securing NTP
Useful NTP Commands

Kerberos Concepts and Components
Common Security Problems
Account Proliferation
The Kerberos Solution
Kerberos History
Kerberos Implementation
Kerberos Concepts
Kerberos Principals
Kerberos Safeguards
Kerberos Components
Authentication Process
ID Types

Using Kerberos
Logging In
Gaining Privileges
Using Privileges
Kerberos Components and the KDC
Kerberized Services Review
Kerberized Clients
KDC Server Daemons
Configuration Files
Utilities Overview

Implementing Kerberos
Plan Topology and Implementation
Kerberos 5 Client Software
Kerberos 5 Server Software
Synchronize Clocks
Create Master KDC
Configuring the Master KDC
KDC Logging
Kerberos Realm Defaults
Specifying [realms]
Specifying [domain_realm]
Allow Administrative Access
Create KDC Databases
Create Administrators
Install Keys for Services
Start Services
Add Host Principals
Add Common Service Principals
Configure Slave KDCs
Create Principals for Slaves
Define Slaves as KDCs
Copy Configuration to Slaves
Install Principals on Slaves
Create Stash on Slaves
Start Slave Daemons
Client Configuration
Install krb5.conf on Clients
Client PAM Configuration
Install Client Host Keys

Administering and Using Kerberos
Administrative Tasks
Key Tables
Managing Keytypes
Managing Principals
Viewing Principals
Adding, Deleting and Modifying Principals
Principal Policy
Overall Goals for Users
Signing into Kerberos
Ticket Types
Viewing Tickets
Removing Tickets
Changing Passwords
Giving Others Access
Using Kerberized Services
Kerberized FTP
Enabling Kerberized Services
OpenSSH and Kerberos

Securing the Filesystem
Filesystem Mount Options
NFS Properties
NFS Export Option
NFSv4
Implementing Kerberos with NFS
GPG - GNU Privacy Guard
File Encryption with OpenSSL
File Encryption with encfs
Linux Unified Key Setup (LUKS)

AIDE
Host Intrusion Detection Systems
Using RPM as a HIDS
Introduction to AIDE
AIDE installation
AIDE Policies
AIDE Usage Chapter Selection

Accountability with Kernel Audit
Accountability and Auditing
Simple Session Auditing
Simple Process Accounting and Command History
Kernel-Level Auditing
Configuring the Audit Daemon
Controlling Kernel Audit System
Creating Audit Rules
Searching Audit Logs
Generating Audit Log Reports
Audit Log Analysis

SELinux
DAC vs. MAC
Shortcomings of Traditional Unix Security
AppArmor
SELinux Goals, Evolution and Modes
Gathering Information
The SELinux Policy
Choosing an SELinux Policy
Policy Layout
Tuning and Adapting Policy
Booleans
Permissive Domains
Managing File Contexts
Managing File Ports Contexts
SELinux Policy Tools
Examining Policy
SELinux Troubleshooting

Securing Apache
Apache Overview
httpd.conf - Server Settings
Configuring CGI
Turning off Unneeded Modules
Delegating Administration
Apache Access Controls (mod_access)
HTTP User Authentication
Standard Auth Modules
HTTP Digest Authentication
Authentication via SQL
Authentication via LDAP
Authentication via Kerberos

Securing PostgreSQL
PostgreSQL Overview
PostgreSQL Default Config
Configuring SSL
Client Authentication Basics
Advanced Authentication
Ident-based Authentication