Course Description

This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities -- know how to audit existing machines, and how to securely deploy new network services.

Prerequisites

This class covers advanced security topics and is intended for experienced systems administrators. Candidates should have current Linux or UNIX systems administration experience equivalent to the GL120 "Linux Fundamentals", GL250 "Enterprise Linux Systems Administration", and GL275 "Enterprise Linux Network Services".

Supported Distributions

• Red Hat Enterprise Linux 7
• SUSE Linux Enterprise 12

Course Outline

• Security Concepts
• Scanning, Probing, and Mapping Vulnerabilities
• Password Security and PAM
• Secure Network Time Protocol (NTP)
• Kerberos Concepts and Components
• Implementing Kerberos
• Administering and Using Kerberos
• Securing the Filesystem
• AIDE
• Accountability with Kernel Auditd
• SELinux
• Securing Apache
• Securing PostgreSQL
• Securing Email Systems