Linux Security Through Layers

Building a Layered Security Model for Linux Servers

Instructor: Steve Ovens

Overview

This session will be predominantly distro agnostic and will cover topics to build a layered model for Linux security. The session will cover many topics and tools as listed below in Learning Objectives. The session will include “show and tell” as well as some hands-on lab work.

Learning Objectives

  • Introduction:
    • What this is: A starting point for security
    • What this is not
    • Discuss some possible attack vectors
  • Before You Begin (distro agnostic):
    • LUKS for your Laptop
    • LUKS for servers (with TANG)
  • Linux Fundamentals (distro agnostic):
    • File system permissions
    • File system ACL
    • get/setfacl
    • Log files and rsyslog
    • SSH keys/authorized keyfiles (including authorized files)
    • Firewalld (with a brief introduction to figuring out if a port is open or not… nmap & other tools)
  • Auditing a system (distro agnostic):
    • auditd
    • aureport/ausearch
    • aide
  • SELinux (RHEL focused):
    • confining users
    • enabling for everything
    • disabling a specific domain
    • troubleshooting
    • avoiding audit2allow
  • Introduction to Ansible (distro agnostic):
    • What is it?
    • Ansible Basics
    • Using ansible to push configuration changes for environmental consistency
  • OpenSCAP (distro agnostic)
    • What is it?
    • Using OpenSCAP work bench
  • Monitoring With Prometheus (distro agnostic)

Student Requirements and Prerequisites

Students should bring laptops with VirtualBox installed and enough disk/memory for two virtual images.

Instructor’s Bio

Steve Ovens is a dedicated IT professional and Linux advocate. Prior to joining Red Hat, he spent several years in financial, automotive, and movie industries. Steve currently works for Red Hat as an OpenShift consultant and has certifications ranging from the RHCA (in DevOps), to Ansible, to Containerized Applications and more. He spends a lot of time discussing technology and writing tutorials on various technical subjects with friends, family, and anyone who is interested in listening. Steve’s bio is available at LinkedIn https://www.linkedin.com/in/linuxovens/.

Date and Time

November 1, 2019

  • Morning session: 8:30 AM to 12 at noon
  • Lunch break: 12:00 to 1:00 PM
  • Afternoon session: 1:00 PM to 4:30 PM

Registration

Go to registration page to register for the training course and select “Ohio LinuxFest Institute Professional Pass”. During the registration process, you will get an option to select your training program.