GL413 - Enterprise Linux Hardening
Hardening of a RHEL Linux System.
- Prerequisites: Knowledge equivalent to the GL124 "RHEL Admin 1" and GL134 "RHEL Admin 2" courses
- Supported Distributions:
- Red Hat Enterprise Linux 7
- Recommended Class Length:
- 4 days
- Detailed Course Outline:
- SECURITY CONCEPTS
- Basic Security Principles
- RHEL7 Default Install
- Minimization – Discovery
- Service Discovery
- Hardening
- Security Concepts
- Removing Packages Using RPM
- Firewall Configuration
- Process Discovery
- Operation of the setuid() and capset() System Calls
- Operation of the chroot() System Call
- Introduction to Troubleshooting Labs
- SCANNING, PROBING, AND MAPPING VULNERABILITIES
- The Security Environment
- Stealth Reconnaissance
- The WHOIS database
- Interrogating DNS
- Discovering Hosts
- Discovering Reachable Services
- Reconnaissance with SNMP
- Discovery of RPC Services
- Enumerating NFS Shares
- Nessus/OpenVAS Insecurity Scanner
- Configuring OpenVAS
- Intrusion Detection Systems
- Snort Rules
- Writing Snort Rules
- NMAP
- OpenVAS
- Advanced nmap Options
- TRACKING SECURITY UPDATES AND SOFTWARE MAINTENANCE
- Security Advisories
- Managing Software
- RPM Features
- RPM Architecture
- RPM Package Files
- Working With RPMs
- Querying and Verifying with RPM
- Updating the Kernel RPM
- Dealing With RPM & Yum Digest Changes
- Using the Yum command
- Using Yum history
- Yum Plugins & RHN Subscription Manager
- Yum Version Lock Plugin
- Yum Repositories
- Managing Software with RPM
- Creating a Custom RPM Repository
- Querying the RPM Database
- Using Yum
- MANAGE THE FILESYSTEM
- Partitioning Disks with fdisk & gdisk
- Resizing a GPT Partition with gdisk
- Partitioning Disks with parted
- Non-Interactive Disk Partitioning with sfdisk
- Filesystem Creation
- Persistent Block Devices
- Mounting Filesystems
- Filesystem Maintenance
- Swap
- Creating and Managing Filesystems
- Hot Adding Swap
- SECURING THE FILESYSTEM
- Configuring Disk Quotas
- Setting Quotas
- Viewing and Monitoring Quotas
- Filesystem Attributes
- Filesystem Mount Options
- GPG – GNU Privacy Guard
- File Encryption with OpenSSL
- File Encryption With encfs
- Linux Unified Key Setup (LUKS)
- Setting User Quotas
- Securing Filesystems
- Securing NFS
- File Encryption with GPG
- File Encryption With OpenSSL
- LUKS-on-disk format Encrypted Filesystem
- MANAGE SPECIAL PERMISSIONS
- File and Directory Permissions
- File Creation Permissions with umask
- SUID and SGID on files
- SGID and Sticky Bit on Directories
- Changing File Permissions
- User Private Group Scheme
- MANAGE FILE ACCESS CONTROLS
- File Access Control Lists
- Manipulating FACLs
- Viewing FACLs
- Backing Up FACLs
- Using Filesystem ACLs
- MONITOR FOR FILESYSTEM CHANGES
- Host Intrusion Detection Systems
- Using RPM as a HIDS
- Introduction to AIDE
- AIDE Installation
- AIDE Policies
- AIDE Usage
- File Integrity Checking with RPM
- File Integrity Checking with AIDE
- MANAGE USER ACCOUNTS
- Approaches to Storing User Accounts
- User and Group Concepts
- User Administration
- Modifying Accounts
- Group Administration
- RHEL DS Client Configuration
- System Security Services Daemon (SSSD)
- User Private Groups
- PASSWORD SECURITY AND PAM
- Unix Passwords
- Password Aging
- Auditing Passwords
- PAM Overview
- PAM Module Types
- PAM Order of Processing
- PAM Control Statements
- PAM Modules
- pam_unix
- pam_cracklib.so
- pam_env.so
- pam_xauth.so
- pam_tally2.so
- pam_wheel.so
- pam_limits.so
- pam_nologin.so
- pam_deny.so
- pam_warn.so
- pam_securetty.so
- pam_time.so
- pam_access.so
- pam_listfile.so
- pam_lastlog.so
- pam_console.so
- John the Ripper
- Cracklib
- Using pam_listfile to Implement Arbitrary ACLs
- Using pam_limits to Restrict Simultaneous Logins
- Using pam_nologin to Restrict Logins
- Using pam_access to Restrict Logins
- su & pam
- USING FREEIPA FOR CENTRALIZED AUTHENTICATION
- What Is FreeIPA?
- FreeIPA Features
- FreeIPA Installation
- FreeIPA Client Installation
- User, Group, And Host Management
- User, Group, And Host Management
- FreeIPA Active Directory Integration
- LOG FILE ADMINISTRATION
- System Logging
- systemd Journal
- systemd Journal's journalctl
- Secure Logging with Journal's Log Sealing
- gnome-system-log
- Rsyslog
- /etc/rsyslog.conf
- Log Management
- Log Anomaly Detector
- Sending logs from the shell
- Using the systemd Journal
- Setting up a Full Debug Logfile
- Remote Syslog Configuration
- Remote Rsyslog TLS Configuration
- ACCOUNTABILITY WITH KERNEL AUDITD
- Accountability and Auditing
- Simple Session Auditing
- Simple Process Accounting & Command History
- Kernel-Level Auditing
- Configuring the Audit Daemon
- Controlling Kernel Audit System
- Creating Audit Rules
- Searching Audit Logs
- Generating Audit Log Reports
- Audit Log Analysis
- Auditing Login/Logout
- Auditing File Access
- Auditing Command Execution
- SECURING SERVICES
- Xinetd
- Xinetd Connection Limiting and Access Control
- Xinetd: Resource limits, redirection, logging
- TCP Wrappers
- The /etc/hosts.allow & /etc/hosts.deny Files
- /etc/hosts.{allow,deny} Shortcuts
- Advanced TCP Wrappers
- FirewallD
- Netfilter: Stateful Packet Filter Firewall
- Netfilter Concepts
- Using the iptables Command
- Netfilter Rule Syntax
- Targets
- Common match_specs
- Extended Packet Matching Modules
- Connection Tracking
- Securing xinetd Services
- Enforcing Security Policy with xinetd
- Securing Services with TCP Wrappers
- Securing Services with Netfilter
- FirewallD
- Troubleshooting Practice
- SELINUX
- DAC vs. MAC
- Shortcomings of Traditional Unix Security
- SELinux Goals
- SELinux Evolution
- SELinux Modes
- Gathering SELinux Information
- SELinux Virtual Filesystem
- SELinux Contexts
- Managing Contexts
- The SELinux Policy
- Choosing an SELinux Policy
- Policy Layout
- Tuning and Adapting Policy
- Booleans
- Permissive Domains
- Managing File Context Database
- Managing Port Contexts
- SELinux Policy Tools
- Examining Policy
- SELinux Troubleshooting
- SELinux Troubleshooting Continued
- Exploring SELinux Modes
- SELinux File Contexts
- SELinux Contexts in Action
- Managing SELinux Booleans
- Creating Policy with Audit2allow
- Creating & Compiling Policy from Source