Linux Security Through Layers

Building a Layered Security Model for Linux Servers

Instructor: Jim Wildman

Overview

This session will be predominantly distro agnostic and will cover topics to build a layered model for Linux security. The session will cover many topics and tools as listed below in Learning Objectives. The session will include “show and tell” as well as some hands-on lab work.

Learning Objectives

  • Introduction:
    • What this is: A starting point for security
    • What this is not
    • Discuss some possible attack vectors
  • Before You Begin (distro agnostic):
    • LUKS for your Laptop
    • LUKS for servers (with TANG)
  • Linux Fundamentals (distro agnostic):
    • File system permissions
    • File system ACL
    • get/setfacl
    • Log files and rsyslog
    • SSH keys/authorized keyfiles (including authorized files)
    • Firewalld (with a brief introduction to figuring out if a port is open or not… nmap & other tools)
  • Auditing a system (distro agnostic):
    • auditd
    • aureport/ausearch
    • aide
  • SELinux (RHEL focused):
    • confining users
    • enabling for everything
    • disabling a specific domain
    • troubleshooting
    • avoiding audit2allow
  • Introduction to Ansible (distro agnostic):
    • What is it?
    • Ansible Basics
    • Using ansible to push configuration changes for environmental consistency
  • OpenSCAP (distro agnostic)
    • What is it?
    • Using OpenSCAP workbench
  • Monitoring With Prometheus (distro agnostic)

Student Requirements and Prerequisites

Students should bring laptops with an SSH client; Windows, Mac, Linux, doesn’t matter.

Instructor’s Bio

Jim Wildman is a farm boy from central Ohio who discovered Unix in 1985 and has been involved in that world ever since. Linux came along in 1995 and lead to his first production system in 1998 (a Hylafax server). For many years, Jim was involved in with the Central Ohio Linux User Group (COLUG) and has spoken at numerous business and user group conferences. Jim has worked in every major industry vertical and is currently employed as a Principal Solutions Architect by Red Hat supporting accounts in Florida.

 

Date and Time

November 1, 2019

  • Morning session: 8:30 AM to 12 at noon
  • Lunch break: 12:00 to 1:00 PM
  • Afternoon session: 1:00 PM to 4:30 PM

Registration

Go to registration page to register for the training course and select “Ohio LinuxFest Institute Professional Pass”. During the registration process, you will get an option to select your training program.