Linux Security and Hardening: A Practical Approach
Linux security guide that provides practical tips for hardening your Linux server to prevent hacking attempts.
Description
Introduction
About Security
Tips & Tricks
Physical Security of a Linux Box
Overview of Physical Security
BIOS Firmware Security
Set BIOS Password
Single User Mode Security
How to set password at Single User Mode
Securing Boot Loader
Section Summary
Project Assignment: Securing Single User Mode in Linux
Project Assignment: Securing the Boot Loader in Linux
PAM (Pluggable Authentication Modules)
Overview of PAM Security
Concepts of PAM
PAM Modules & Configurations
PAM Module Groups
Control Flags in PAM
PAM Modules
Project Assignment on PAM - Pluggable Authentication Modules
Quiz
Account Security
Overview of User Account Security
User Account Information
Forcing strong passwords
pam_pwquality - Password strength-checking
Security by Account Locked
Account Locked using pam_faillock PAM module - Lab Session
Understanding Password Aging Policy
Practice Lab Session
File System Security
Overview of File & Directory Permission
Access mode
Change Permission & Ownership
Special Permissions
Setuid, Setgid, Sticky bit, ACL, etc.
ACL
Controlling files with ACL
ACLs demo
Practice Lab Session
General Security
Keep your system updated
Disable USB stick
Turn off IPv6
Restrict users from reusing old passwords
Check password expiration
Verify accounts for Empty password
Verify accounts for “Zero” UID
Review logs regularly
Keep /boot as read only
Network Security
Overview of Network Security
OpenSSH Security
Securing SSHD
Linux Firewall
Firewall concepts
About nftables, features, and advantages of firewalld
Firewalld components, pre-defined zones
How packet flows through the firewall
Check firewalld services - Lab Session
Adding and Removing Services & Port from Firewall Server - Lab Session
Add Services Permanently in Firewalld - Lab Session
Add HTTP Service in firewalld - Lab Session
Port forwarding - Lab Session
Conceptual discussion about Masquerading, Packet Flow in Firewalld
Masquerading with Port Forwarding - Lab Session
About Rich Rules in Firewalld
Specifically allow a Server using Rich Rules - Lab Session
Allow Telnet Port, SSH with log-prefix using Rich Rule - Lab Session
Accept, Reject, Drop - Lab Session
Managing SELinux Security
Introduction - SELinux
SELinux Security Concepts
Changing SELinux Modes
Practice Lab Sessions
Changing SELinux Contexts
SELinux Booleans
Audit logs & troubleshooting SELinux
Last lecture
What You Will Learn!
- Physical Security of a Linux Box
- BIOS Firmware Security
- Single User Mode Security (RHEL6,7)
- Securing Boot Loader
- Overview of PAM Security
- Concepts of PAM
- PAM Modules & Configurations
- Control Flags in PAM
- User Account Security
- Forcing strong passwords
- Security by Account Locked
- Understanding Password Aging Policy
- Overview of File & Directory Permission
- Controlling files with ACL
- General Security
- Overview of Network Security
- Securing SSHD
- Linux Firewall
- Port forwarding & Masquerading using firewall
- Implementing Mandatory Access Control with SELinux
- SELinux Security Concepts
- Audit logs & Troubleshooting SELinux
Who Should Attend!
- There are no formal prerequisites for this course; however, previous system administrator experience on another operating system would be very beneficial.
- Graduate students, and those working in Linux administration who want hands-on practical experience in Linux security and hardening