Linux Security

As Linux servers are offering more and more vital services on the Internet, it becomes really important to have a plan in securing these servers. Securing a Linux server goes way beyond applying permissions and using strong passwords. In this 2 day course you will learn how to set up a secure Linux server in a hostile world. The information in this course is based on SUSE Linux Enterprise Server and Red Hat Enterprise Linux . Participants can work on either of these platforms, or any other Linux distribution of their choice (although minor differences may exist with topics as they are covered).

Available in Dutch, English and French

1. Installing a secure Linux server

- Setting up disks and partitions for security

- Working with encrypted storage devices

2. Advanced File System Security

- Quick Overview of Linux Permissions

- Advanced Linux Permissions

- Working with Access Control Lists

- Applying User Extended Attributes

3. Setting up a Secure Logging Environment

- rsyslog overview

- Configuring log rotation and remote logging

- Protecting rsyslog against DoS attacks

4. Becoming an iptables guru

- Understanding how to set up a secure firewall

- Providing service access through a firewall

- Setting up NAT and port forwarding

5. Using SELinux and AppArmor for Advanced Security Settings

- Understanding the options offered by the Linux Security Framework

- What to choose: SELinux or AppArmor

- Offering basic applications protection through SELinux and AppArmor

- Making Sure that Services still work after implementing your SELinux or Apparmor solution

6. Setting up a Certificates Infrastructure

- Understanding PKI Certificates

- Setting up your own Certificate Server

- Having your certificates signed by external authorities

7. Analyzing the Network

- Using tcpdump and related sniffers

- Analyzing incoming network connections and traffic

- Analyzing service availability on remote machines

8. Setting up a File Integrity Checker

- Understanding the need for file integrity checkers

- Configuring AIDE

9. Working with GPG

- Understanding GPG security

- Setting up a Circle of Trust

- Encrypting mail with GPG

- Sending Encrypted Files with GPG

10. Final Case: Analyzing a Hack

Despite all that you have done to secure a server, sometimes it goes wrong anyway. In this last topic you'll analyze a real hack and set up your server to protect against similar scenarios.

Linux administrators at LPI-1, RHCSA, CLA level or with one year of real experience using Linux in a corporate environment

Dag 1: 09.00 - 16.30
Dag 2: 09.00 - 16.30