Red Hat System Security

Course Introduction

• Administration and Course Materials
• Course Structure and Agenda
• Delegate and Trainer Introductions

Session 1: INTRODUCTION TO LINUX SECURITY

• Linux Native Security
• Areas of Security
• Common Attack Methods
• Basic Security Precautions
• Standards and Compliance
• Security Technical Implementation Guides (STIGs)
• Exercise

Session 2: SECURING THE USER ENVIRONMENT

• Managing User Accounts and Security Options
• Configuring Account Defaults
• Default File and Directory Permissions
• Configuring History Variables
• Querying and Confining Command Line History
• Exercise

Session 3: LINUX LOGGING AND AUDITING

• Security Related Log Files
• Querying Login Activity
• Viewing and Configuring the Journal
• Viewing and Understanding Audit Records
• Generating Audit Queries
• Defining Auditing Rules
• Audit Performance
• Exercise

Session 4: SELINUX

• DAC vs MAC
• SELinux Policy
• SELinux Contexts
• SELinux Key Commands
• Viewing SELinux Decisions
• SELinux Booleans
• Permissive and Unconfined Domains
• Exporting SELinux Configuration
• Exercise

Session 5: SELINUX MODULES

• SELinux Entities
• Listing and Administering SELinux Modules
• Creating Modules With audit2allow
• Writing and Editing SELinux Modules
• Type Enforcement and File Context Files
• Exercise

Session 6: RED HAT FIREWALL

• Firewalld Overview
• Firewalld vs IPTables
• Configuring Firewall ports
• Creating a Firewall Service
• Creating and Configuring Firewall Zones
• Viewing and Creating Rich Rules
• Fail2ban Installation and Configuration
• Exercise

Session 7: SECURING SSH

• SSH Key Algorithms
• SSH Agents and Server Options
• Restricting Authentication Methods
• Viewing and Encrypting the known_hosts File
• Certificate Based Authentication
• Verifying Signed Certificates
• Exercise

Session 8: SECURING APPLICATIONS

• TCP Wrapper Access Checking
• TCP Wrapper Extended Syntax
• Configuring an NTP Server
• Securing chrony and Authenticating Clients
• Exercise

Session 9: INTRUSION DETECTION AND PREVENTION

• Detecting Host Intrusions
• Limitations of AIDE
• Installing and Configuring AIDE
• Detecting Filesystem Changes
• Detecting and Removing Rootkits
• Rootkit Best Practices
• Installing and Configuring ClamAV
• Exercise

Session 10: CREATING AND SIGNING AN RPM PACKAGE

• Common Vulnerabilities and Exposures (CVE's)
• Red Hat Package Management
• Obtaining Detailed Update Information
• Post Update Considerations and Rolling Back Packages
• Details on Security Packages
• Package Management History
• Creating and Signing an RMP Package
• Creating a Package Repository
• Exercise

Session 11: PLUGGABLE AUTHENTICATION MODULES

• PAM File Format
• Restricting Services with PAM
• Restricting Access to SSH
• Increasing Password Complexity
• Delaying Failed Logins
• Controlling Access by Time
• Limiting user Resources
• Exercise

Session 12: LINUX PASSWORDS

• Password Hashing Methods
• Verifying Password Strength
• Password Attacks Types
• Password Cracking
• Installing a Password Cracking Utility
• Installing a Word List
• Exercise

Session 13: SUDO AND RESTRICTING LOGINS

• Basic Examples and Command Line Options
• Sudo Aliases, Tags and Groups
• Sudo Password Administration
• Running Sudo On Remote Systems
• Sudoedit
• Sudo Logging and Replay
• Include Statements
• Restricting root Access
• Configuring Timeouts
• Exercise

Session 14: SECURING THE LINUX FILESYSTEM

• Partitioning Considerations
• Protecting the Boot Menu
• Securely Erasing Data
• Data Sanitisation Methods
• Extended Permissions and File Attributes
• Creating and Modifying File Access Control Lists (ACLs)
• LUKS Encrypted Partitions
• Exercise

APPENDIX A: RED HAT IDENTITY MANAGEMENT

• IRed Hat Identity Management
• Identity Management Domain
• IDM Server and Client Installation and Configuration

APPENDIX B: CERTIFICATE BASED AUTHENTICATION

• Creating a Certificate Authority
• Configuring Logging with TLS
• Securing VSFTPD for SSL/TLS

APPENDIX C: AUDIT RECORDS

APPENDIX D: RESETTING A LOST ROOT PASSWORD