Enterprise Linux Security Administration
9:00am - 4:30pm
This 5-day, highly technical course focuses on properly securing machines running the Linux operating system. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities and know how to audit existing machines and how to securely deploy new network services.
AUDIENCE AND PREREQUISITES
System and network administrators working with wide network security and authentication.
*Course Cost listed does not include the cost of courseware or lunch, required in your registration. Please refer to your Enrollment Sales Order or Invoice for the additional cost. If you have any questions, please contact us (firstname.lastname@example.org or 207-775-0244). Course subject to minimum enrollment.
Security Concepts: Basic Security Principles; RHEL6 Default Install; RHEL6 Firewall; SLES11 Default Install; SLES11 Firewall; SLES11 File Security; Minimization - Discovery; Hardening; Security Concepts

Scanning, Probing and Mapping Vulnerabilities: The Security Environment; Stealth Reconnaissance; The WHOIS database; Interrogating DNS; Discovering Hosts; Discovering Reachable Services; Reconnaissance with SNMP; Discovery of RPC Services; Enumerating NFS Shares; Nessus Insecurity Scanner; Configuring OpenVAS

Password Security and PAM: UNIX Passwords; Password Aging; Auditing Passwords; PAM Overview; PAM Module Types; PAM Order of Processing; PAM Control Statements; PAM Modules

Secure Network Time Protocol (NTP): The Importance of Time; Hardware and System Clock; NTP Terms and Definitions; Synchronization Methods; NTP Evolutions; Time Server Hierarchy; Operational Modes; NTP Clients; Configuring NTP Clients; Configuring NTP Servers; Securing NTP; Useful NTP Commands

Kerberos Concepts and Components: Common Security Problems; Account Proliferation; The Kerberos Solution; Kerberos History; Kerberos Implementation; Kerberos Concepts; Kerberos Principals; Kerberos Safeguards; Kerberos Components; Authentication Process; ID Types

Using Kerberos: Logging In; Gaining Privileges; Using Privileges; Kerberos Components and the KDC; Kerberized Services Review; Kerberized Clients; KDC Server Daemons; Configuration Files; Utilities Overview

Implementing Kerberos: Plan Topology and Implementation; Kerberos 5 Client Software; Kerberos 5 Server Software; Synchronize Clocks; Create Master KDC; Configuring the Master KDC; KDC Logging; Kerberos Realm Defaults; Specifying [realms]; Specifying [domain_realm]; Allow Administrative Access; Create KDC Databases; Create Administrators; Install Keys for Services; Start Services; Add Host Principals; Add Common Service Principals; Configure Slave KDCs; Create Principals for Slaves; Define Slaves as KDCs; Copy Configuration to Slaves; Install Principals on Slaves; Create Stash on Slaves; Start Slave Daemons; Client Configuration; Install krb5.conf on Clients; Client PAM Configuration; Install Client Host Keys

Administering and Using Kerberos: Administrative Tasks; Key Tables; Managing Keytypes; Managing Principals; Viewing Principals; Adding, Deleting and Modifying Principals; Principal Policy; Overall Goals for Users; Signing into Kerberos; Ticket Types; Viewing Tickets; Removing Tickets; Changing Passwords; Giving Others Access; Using Kerberized Services; Kerberized FTP; Enabling Kerberized Services; OpenSSH and Kerberos

Securing the Filesystem: Filesystem Mount Options; NFS Properties; NFS Export Option; NFSv4; Implementing Kerberos with NFS; GPG - GNU Privacy Guard; File Encryption with OpenSSL; File Encryption with encfs; Linux Unified Key Setup (LUKS)

AIDE: Host Intrusion Detection Systems; Using RPM as a HIDS; Introduction to AIDE; AIDE Installation; AIDE Policies; AIDE Usage; Chapter Selection

Accountability with Kernel Audit: Accountability and Auditing; Simple Session Auditing; Simple Process Accounting and Command History; Kernel-Level Auditing; Configuring the Audit Daemon; Controlling Kernel Audit System; Creating Audit Rules; Searching Audit Logs; Generating Audit Log Reports; Audit Log Analysis

SELinux: DAC vs. MAC; Shortcomings of Traditional Unix Security; AppArmor; SELinux Goals, Evolution and Modes; Gathering Information; The SELinux Policy; Choosing an SELinux Policy; Policy Layout; Tuning and Adapting Policy; Booleans; Permissive Domains; Managing File Contexts; Managing File Ports Contexts; SELinux Policy Tools; Examining Policy; SELinux Troubleshooting

Securing Apache: Apache Overview; httpd.conf - Server Settings; Configuring CGI; Turning off Unneeded Modules; Delegating Administration; Apache Access Controls (mod_access); HTTP User Authentication; Standard Auth Modules; HTTP Digest Authentication; Authentication via SQL; Authentication via LDAP; Authentication via Kerberos

Securing PostgreSQL: PostgreSQL Overview; PostgreSQL Default Config; Configuring SSL; Client Authentication Basics; Advanced Authentication; Ident-based Authentication