Building a Layered Security Model for Linux Servers
- What this is: A starting point for security
- What this is not
- Discuss some possible attack vectors
- Before You Begin (distro agnostic):
- LUKS for your Laptop
- LUKS for servers (with TANG)
- Linux Fundamentals (distro agnostic):
- File system permissions
- File system ACL
- Log files and rsyslog
- SSH keys/authorized keyfiles (including authorized files)
- Firewalld (with a brief introduction to figuring out if a port is open or not… nmap & other tools)
- Auditing a system (distro agnostic):
- SELinux (RHEL focused):
- confining users
- enabling for everything
- disabling a specific domain
- avoiding audit2allow
- Introduction to Ansible (distro agnostic):
- What is it?
- Ansible Basics
- Using ansible to push configuration changes for environmental consistency
- OpenSCAP (distro agnostic)
- What is it?
- Using OpenSCAP work bench
- Monitoring With Prometheus (distro agnostic)
Student Requirements and Prerequisites
Students should bring laptops with VirtualBox installed and enough disk/memory for two virtual images.
Steve Ovens is a dedicated IT professional and Linux advocate. Prior to joining Red Hat, he spent several years in financial, automotive, and movie industries. Steve currently works for Red Hat as an OpenShift consultant and has certifications ranging from the RHCA (in DevOps), to Ansible, to Containerized Applications and more. He spends a lot of time discussing technology and writing tutorials on various technical subjects with friends, family, and anyone who is interested in listening. Steve’s bio is available at LinkedIn https://www.linkedin.com/in/linuxovens/.
Date and Time
November 1, 2019
- Morning session: 8:30 AM to 12 at noon
- Lunch break: 12:00 to 1:00 PM
- Afternoon session: 1:00 PM to 4:30 PM
Go to registration page to register for the training course and select “Ohio LinuxFest Institute Professional Pass”. During the registration process, you will get an option to select your training program.