Enterprise Linux Security Administration

See Course Outline

Training for your Team

5
Days
  • Private Class for your Team
  • Online or On-location
  • Customizable
  • Expert Instructors

Training for Yourself

$2,125.00
or 5 vouchers
  • Live Online Training
  • For Individuals
  • Expert Instructors
  • Guaranteed to Run
  • 100% Free Re-take Option
  • 1-minute Video

Upcoming Classes

  • See More Classes

Please select a class.
Overview

This 5-day, highly technical Enterprise Linux Security Administration training class focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security technologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities - know how to audit existing machines, and how to securely deploy new network services. This course is intended for system and network administrators working with wide network security and authentication.

Goals
  1. Learn to properly secure machines running Linux.
  2. Learn a range of security techniques.
  3. Learn about advanced security technologies.
  4. Gain an understanding of potential security vulnerabilities.
  5. Gain the ability to audit existing machines and securely deploy new network services.
Outline
  1. Security Concepts
    1. Basic Security Principles
    2. RHEL6 Default Install
    3. RHEL6 Firewall
    4. SLES11 Default Install
    5. SLES11 Firewall
    6. SLES11: File Security
    7. Minimization - Discovery
    8. Service Discovery
    9. Hardening
    10. Security Concepts
  2. Scanning, Probing, and Mapping
    1. Vulnerabilities
    2. The Security Environment
    3. Stealth Reconnaissance
    4. The WHOIS database
    5. Interrogating DNS
    6. Discovering Hosts
    7. Discovering Reachable Services
    8. Reconn
    9. aissance with SNMP
    10. Discovery of RPC Services
    11. Enumerating NFS Shares
    12. Nessus Insecurity Scanner
    13. Configuring OpenVAS
  3. Password Security and PAM
    1. UNIX Passwords
    2. Password Aging
    3. Auditing Passwords
    4. PAM Overview
    5. PAM Module Types
    6. PAM Order of Processing
    7. PAM Control Statements
    8. PAM Modules
    9. pam_unix
    10. pam_cracklib.so
    11. pam_pwcheck.so
    12. pam_env.so
    13. pam_xauth.so
    14. pam_tally2.so
    15. pam_wheel.so
    16. pam_limits.so
    17. pam_nologin.so
    18. pam_deny.so
    19. pam_warn.so
    20. pam_securetty.so
    21. pam_time.so
    22. pam_access.so
    23. pam_listfile.so
    24. pam_lastlog.so
    25. pam_console.so
  4. Secure Network Time Protocol (NTP)
    1. The Importance of Time
    2. Hardware and System Clock
    3. Time Measurements
    4. NTP Terms and Definitions
    5. Synchronization Methods
    6. NTP Evolution
    7. Time Server Hierarchy
    8. Operational Modes
    9. NTP Clients
    10. Configuring NTP Clients
    11. Configuring NTP
    12. Servers
    13. Securing NTP
    14. NTP Packet Integrity
    15. Useful NTP Commands
  5. Kerberos Concepts and Components
    1. Common Security Problems
    2. Account Proliferation
    3. The Kerberos Solution
    4. Kerberos History
    5. Kerberos Implementations
    6. Kerberos Concepts
    7. Kerberos Principals
    8. Kerberos Safeguards
    9. Kerberos Components
    10. Authentication Process
    11. Identification Types
    12. Logging In
    13. Gaining Privileges
    14. Using Privileges
    15. Kerberos Components and the KDC
    16. Kerberized Services Review
    17. Kerberized Clients
    18. KDC Server Daemons
    19. Configuration Files
    20. Utilities Overview
  6. Implementing Kerberos
    1. Plan Topology and Implementation
    2. Kerberos 5 Client Software
    3. Kerberos 5 Server Software
    4. Synchronize Clocks
    5. Create Master KDC
    6. Configuring the Master KDC
    7. KDC Logging
    8. Kerberos Realm Defaults
    9. Specifying [realms]
    10. Specifying [domain_realm]
    11. Allow Administrative Access
    12. Create KDC Databases
    13. Create Administrators
    14. Install Keys for Services
    15. Start Services
    16. Add Host Principals
    17. Add Common Service Principals
    18. Configure Slave KDCs
    19. Create Principals for Slaves
    20. Define Slaves as KDCs
    21. Copy Configuration to Slaves
    22. Install Principals on Slaves
    23. Create Stash on Slaves
    24. Start Slave Daemons
    25. Client Configuration
    26. Install krb5.conf on Clients
    27. Client PAM Configuration
    28. Install Client Host Keys
  7. Administering and Using Kerberos
    1. Administrative Tasks
    2. Key Tables
    3. Managing Keytabs
    4. Managing Principals
    5. Viewing Principals
    6. Adding, Deleting, and Modifying
    7. Principals
    8. Principal Policy
    9. Overall Goals for Users
    10. Signing In to Kerberos
    11. Ticket types
    12. Viewing Tickets
    13. Removing Tickets
    14. Passwords
    15. Changing Passwords
    16. Giving Others Access
    17. Using Kerberized Services
    18. Kerberized FTP
    19. Enabling Kerberized Services
    20. OpenSSH and Kerberos
  8. Securing the Filesystem
    1. Filesystem Mount Options
    2. NFS Properties
    3. NFS Export Option
    4. NFSv4 and GSSAPI Auth
    5. Implementing NFSv4
    6. Implementing Kerberos with
    7. NFS
    8. GPG - GNU Privacy Guard
    9. File Encryption with OpenSSL
    10. File Encryption with encfs
    11. Linux Unified Key Setup (LUKS)
  9. AIDE
    1. Host Intrusion Detection Systems
    2. Using RPM as a HIDS
    3. Introduction to AIDE
    4. AIDE Installation
    5. AIDE Policies
    6. AIDE Usage
  10. Accountability with Kernel Audit
    1. Accountability and Auditing
    2. Simple Session Auditing
    3. Simple Process Accounting & Command
    4. History
    5. Kernel-Level Auditing
    6. Configuring the Audit Daemon
    7. Contr
    8. olling Kernel Audit System
    9. Creating Audit Rules
    10. Searching Audit Logs
    11. Generating Audit Log Reports
    12. Audit Log Analysis
  11. SELinux
    1. DAC vs. MAC
    2. Shortcomings of Traditional Unix
    3. Security
    4. AppArmor
    5. SELinux Goals
    6. SELinux Evolution
    7. SELinux Modes
    8. Gathering Information
    9. SELinux Virtual Filesystem
    10. SELinux Contexts
    11. Managing Contexts
    12. The SELinux Policy
    13. Choosing an SELinux Policy
    14. Policy Layout
    15. Tuning and Adapting Policy
    16. Booleans
    17. Permissive Domains
    18. Managing File Contexts
    19. Managing Port Contexts
    20. SELinux Policy Tools
    21. Examining Policy
    22. SELinux Troubleshooting
  12. Securing Apache
    1. Apache Overview
    2. httpd.conf-Server Settings
    3. Configuring CGI
    4. Turning Off Unneeded Modules
    5. Delegating Administration
    6. Apache Access Controls
    7. (mod_access)
    8. HTTP User Authentication
    9. Standard Auth Modules
    10. HTTP Digest Authentication
    11. Authentica
    12. tion via SQL
    13. Authentication via LDAP
    14. Authentication via Kerberos
    15. Scrubbing HTTP Headers
    16. Metering HTTP Band
  13. Securing PostgreSQL
    1. PostgreSQL Overview
    2. PostgreSQL Default Config
    3. Configuring SSL
    4. Client Authentication Basics
    5. Advanced Authentication
    6. Ident-based Authentication
Class Materials

Each student in our Live Online and our Onsite classes receives a comprehensive set of materials, including course notes and all the class examples.

Class Prerequisites

Experience in the following is required for this Linux class:

  • Systems administration experience with current Linux or UNIX systems.
Preparing for Class

No cancelation for low enrollment

Certified Microsoft Partner

Registered Education Provider (R.E.P.)

GSA schedule pricing

91,059

Students who have taken Live Online Training

16,075

Organizations who trust Webucator for their training needs

100%

Satisfaction guarantee and retake option

9.44

Students rated our trainers 9.44 out of 10 based on 5097 reviews

This class hits the mark. Very professional and engaging instruction. I highly recommend, particularly for the cost.

Elizabeth Dorso, Save the Children
Fairfield CT

Amazing instructor. Very hands on. I highly recommend Webucator!

Norma Lagares, Softchoice
Cumming GA

This class was very informative and I would definitely recommend it to anyone looking to get more out of PowerPoint. Our instructor was very attentive and engaging.

Laura Gass, Patron Spirits Company
Coral Springs FL

My Crystal Reports instructor was extremely knowledgeable and focused on showing us practical, efficient ways to use the application. I appreciate that everything that was covered, I can use in my job. The quality of the web class experience was excellent, with not one technical glitch. This was a very enjoyable way to learn.

Kathryn Coe, City Utilities
Springfield MO

Contact Us or call 1-877-932-8228