Linux Security and Hardening: A Practical Approach

A Linux security guide with practical tips for hardening your Linux server against hacking attempts.

Ratings: 4.84 / 5.00




Description

Introduction

  • About Security

  • Tips & Tricks

Physical Security of a Linux Box

  • Overview of Physical Security

  • BIOS Firmware Security

  • Set BIOS Password

  • Single User Mode Security

  • How to set password at Single User Mode

  • Securing Boot Loader

  • Section Summary

  • Project Assignment: Securing Single User Mode in Linux

  • Project Assignment: Securing the Boot Loader in Linux

PAM (Pluggable Authentication Modules)

  • Overview of PAM Security

  • Concepts of PAM

  • PAM Modules & Configurations

  • PAM Module Groups

  • Control Flags in PAM

  • PAM Modules

  • Project Assignment on PAM - Pluggable Authentication Modules

  • Quiz

Account Security

  • Overview of User Account Security

  • User Account Information

  • Forcing strong passwords

  • pam_pwquality - Password strength checking

  • Security by Account Locked

  • Account Locked using pam_faillock PAM module - Lab Session

  • Understanding Password Aging Policy

  • Practice Lab Session

File System Security

  • Overview of File & Directory Permission

  • Access mode

  • Change Permission & Ownership

  • Special Permissions

  • Setuid, Setgid, Sticky bit, ACL, etc.

  • ACL

  • Controlling files with ACL

  • ACLs demo

  • Practice Lab Session

General Security

  • Keep your system updated

  • Disable USB stick

  • Turn off IPv6

  • Restrict users from reusing old passwords

  • Check password expiration

  • Verify accounts for Empty password

  • Verify accounts for “Zero” UID

  • Review logs regularly

  • Keep /boot as read only

Network Security

  • Overview of Network Security

  • OpenSSH Security

  • Securing SSHD

Linux Firewall

  • Firewall concepts

  • About nftables, features, and advantages of firewalld

  • Firewalld components, pre-defined zones

  • How packet flows through the firewall

  • Check firewalld services - Lab Session

  • Adding and Removing Services & Port from Firewall Server - Lab Session

  • Add Services Permanently in Firewalld - Lab Session

  • Add HTTP Service in firewalld - Lab Session

  • Port forwarding - Lab Session

  • Conceptual discussion about Masquerading, Packet Flow in Firewalld

  • Masquerading with Port Forwarding - Lab Session

  • About Rich Rules in Firewalld

  • Specifically allow a Server using Rich Rules - Lab Session

  • Allow Telnet Port, SSH with log-prefix using Rich Rule - Lab Session

  • Accept, Reject, Drop - Lab Session

Managing SELinux Security

  • Introduction - SELinux

  • SELinux Security Concepts

  • Changing SELinux Modes

  • Practice Lab Sessions

  • Changing SELinux Contexts

  • SELinux Booleans

  • Audit logs & troubleshooting SELinux

  • Last lecture

What You Will Learn!

  • Physical Security of a Linux Box
  • BIOS Firmware Security
  • Single User Mode Security (RHEL 6, 7)
  • Securing Boot Loader
  • Overview of PAM Security
  • Concepts of PAM
  • PAM Modules & Configurations
  • Control Flags in PAM
  • User Account Security
  • Forcing strong passwords
  • Security by Account Locked
  • Understanding Password Aging Policy
  • Overview of File & Directory Permission
  • Controlling files with ACL
  • General Security
  • Overview of Network Security
  • Securing SSHD
  • Linux Firewall
  • Port forwarding & Masquerading using firewall
  • Implementing Mandatory Access Control with SELinux
  • SELinux Security Concepts
  • Audit logs & Troubleshooting SELinux

Who Should Attend!

  • There are no formal prerequisites for this course; however, previous system administration experience on another operating system would be very beneficial.
  • Graduate students, and those working in Linux administration who want hands-on practical experience with Linux security and hardening.