Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Linux / UNIX Security

Participate in one of the World's Strongest Linux Communities and enhance your Career! Get Serious. Get a Job. Get Promoted.

Linux Essentials Certificate Program - Linux Essentials will prepare the next generation of IT workers to fill the must-have skills of the future: knowledge of multiple computing environments, knowledge sharing, open source basics, and a dedication to the profession.

Navigate the best route to a globally recognized IT certification w/ SU Q/ISP Certificate Program - Our certification programs meet the exacting standards of both IT professionals and the organizations that employ them. Get certified with the widely-recognized world leader.

The Linux Professional Institute (LPI) and Security University are proud to announce an innovative "first-of-its-kind" program for the academic sector, youth and others new to the world of Linux and Open Source technology.

The "Linux Essentials" program prepares the next generation to acquire the advanced skills needed to fill increasing shortages of workers in today's mixed IT environments. It supports government and educational authorities bringing Linux and Open Source to the classroom at much younger ages. It supports learning and fun through skills competitions like World Skills and Euroskills, as well as international collaboration and the development of teacher-tested educational initiatives for the classroom.

This fast-paced, hands-on class will teach you how to secure UNIX and lock down Linux to protect a system from compromise. You'll learn how the attacks work and how to use hard-core hardening to defeat the bulk of them. You'll learn how to take your machines to a state of minimum necessary risk.

This hands-on class teaches you how to tighten all major aspects of the operating system for security, balancing this with the purpose of the system and the needs of your organization. You'll learn how to tune kernel and operating system parameters, deactivate components, and tighten the components that remain. You'll examine the tightening of major server applications, including Apache, Sendmail, WU-FTPd, vsftpd, and BIND. Along the way, you'll understand how external and internal attackers use privilege escalation and how you can lessen their odds of gaining root. You'll also learn to apply key security concepts, from defense-in-depth to least privilege to risk evaluation, to determine what actions you should take and in what order of priority.

Class Fee: $2,995
Time: 8:00 AM - 5:00 PM
Location: Click here to view the class schedule
CPE Credits: 50
Prerequisites: Understanding of TCP/IP protocols

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical

Who Should Attend:

System administrators, security administrators, security auditors. Unix box owners. Anyone who has a vested interest in keeping their systems from being compromised.

This course targets system or network administrators and security admins/auditors with an understanding of Unix commands and basic operating system functions.

What You Will Learn:

Students will gain a general understanding of how to harden systems to prevent or contain a system compromise. While we work on Linux and Solaris, the material does apply broadly to all Unix variants.

Students will leave this class with the ability to:

Each student will practice the techniques learned on their own Linux system.

For more information on the launch of Linux Essentials in that region see: http://www.lpi.org/news/lpi-announces-linux-essentials-progr...

Linux Essentials Exam

The Linux Essentials exam is a recommended, not required, pre-requisite for training in the LPIC professional program. Exams are delivered in schools and training centres around the world. To locate the centre nearest you, please contact your local LPI Affiliate.

This is a required exam for Linux Essentials Certificate. It covers basic knowledge for those working and studying in Open Source and various distributions of Linux.

Each objective is assigned a weighting value. The weights range roughly from 1 to 10 and indicate the relative importance of each objective. Objectives with higher weights will be covered in the exam with more questions.

  1. The Linux community and a career in open source
  2. Finding your way on a Linux system
  3. The power of the command line
  4. The Linux operating system
  5. Security and file permissions

Topic 1: The Linux Community and a Career in Open Source

1.1 Linux Evolution and Popular Operating Systems

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

1.2 Major Open Source Applications

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

1.3 Understanding Open Source Software and Licensing

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

1.4 ICT Skills and Working in Linux

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Topic 2: Finding Your Way on a Linux System (weight: 8)

2.1 Command Line Basics

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

2.2 Using the Command Line to Get Help

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

2.3 Using Directories and Listing Files

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

2.4 Creating, Moving and Deleting Files

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Topic 3: The Power of the Command Line (weight: 10)

3.1 Archiving Files on the Command Line

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

3.2 Searching and Extracting Data from Files

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

3.3 Turning Commands into a Script

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

Topic 4: The Linux Operating System (weight: 8)

4.1 Choosing an Operating System

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

4.2 Understanding Computer Hardware

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

4.3 Where Data is Stored

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

4.4 Your Computer on the Network

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

Topic 5: Security and File Permissions (weight: 7)

5.1 Basic Security and Identifying User Types

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

5.2 Creating Users and Groups

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

5.3 Managing File Permissions and Ownership

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

5.4 Special Directories and Files

Key Knowledge Areas

The following is a partial list of the used files, terms and utilities:

Nice to know

Day 3:
Core Operating System Hardening
 
The first day of the course will focus on core operating system hardening, teaching students how to thoroughly audit and lock down a Linux system. This process is tailored very closely to a system’s purpose, such that it optimizes a system for the greatest security that is operationally possible. Single-purpose bastion hosts obviously see the most benefit, though general purpose sysadmin workstations still gain a good deal of resistance to break-in. This first day will cover the following major areas/tasks:

Boot Security and Physical Security
An attacker with physical access to a Linux machine can usually gain root with trivial attacks. Students will learn both the attacks and how to defend against them.

The Vulnerability Cycle and Patching Recommendations
Many vulnerabilities can be trivially countered by applying patches. On the other hand, applying patches is not easy in an enterprise environment. Students will learn the background required to make intelligent patching decisions and will be introduced to tools which automate this process.

Network Daemon Audit
Programs that listen to the network provide most outside attackers with their first access to a victim system. Students will learn how to audit the system for network-accessible daemons. By learning the purpose of each daemon, students will learn how to greatly decrease a host’s network presence.

General Daemon Audit
Once an attacker has some kind of access to a system, privileged system daemons present a primary avenue for further attack and privilege escalation. Students will learn to audit these daemons. By learning the purpose of each one, students will learn which daemons they can safely deactivate.

Host-based Firewall Construction
Once the system’s set of listening network daemons has been reduced, its accessibility to attackers via the network can be further shored up by adding a host-based firewall. Students will be introduced to simple stateful firewalling that can be applied to individual hosts.

Set-UID Audit
Outside of already-running system daemons, Set-UID programs represent the most commonly-used method of privilege escalation. These programs give a user a temporary privilege increase to perform a specific task -- unfortunately, that privilege increase becomes general and non-temporary when these programs are successfully attacked. Students will learn how to audit these programs and maintainably reduce an attacker’s ability to use them to attack the system.

Permissions Audit
Poor file permissions can allow an ordinary user to gain system user privileges or to access/compromise data. Students will be introduced to a basic permissions audit.

Day 4/5:
Server Application Hardening

The second day of the course will focus on server application hardening. Students will learn how to apply access control mechanisms to particular server functionalities, how to prune out server functionality that’s not in use, and how to confine server processes so that a compromised server application does not necessarily compromise the entire system.

Students will also be introduced to real network/server architecture changes that can greatly increase security at a site. Learning to harden these servers is extremely important to the security of an organization, both because of their important functions and because they are widely accessible resources. Finally, students will learn to build a chroot prison for each network service, to prevent a compromised service on a system from turning into a fully-compromised system.

Tightening DNS Servers
An attacker who can compromise an organization’s internal DNS server can re-route much of the important traffic on a network. An attacker who can compromise an organization’s external DNS server can re-route traffic away from the organization. In either case, he can usually gain a foothold to attack the internal network.

Students will learn how to configure Unix BIND DNS servers for much greater resiliency to attack. As a part of this, they will learn how to configure Split-Horizon DNS and BIND 9 “views,” to greatly reduce the external accessibility of internal DNS servers. They will also learn how to confine DNS server programs so that, if successfully attacked, they will not grant an attacker either the ability to easily modify data or to compromise the host operating system.

Tightening FTP Servers
FTP servers have been among the more often-vulnerable Unix network daemons of the past five years. Students will learn how to configure an FTP server to be more resistant to attacks by learning how past attacks have worked and how best practices can defeat these attacks. This focuses on both vsftpd and wu-ftpd.

Tightening Apache Web Servers
Web servers represent the single most multipurpose publicly accessible server application in use today. Apache, in particular, has a lead in market share specifically because of the extremely wide array of functions that it can serve and the ease with which an increasing community of developers can add functionality. This wide scope of functionality, of course, comes with a cost -- it increases the probability that the server will contain vulnerable code.

Students will learn how to configure Apache security modules and how to configure an Apache webserver to offer only what functionality is used by their site. They will also learn some of the weaknesses of the CGI model and how they can address them with programs like suexec and cgiwrap. Finally, they will learn how to greatly reduce their chances of having vulnerable code deployed by removing Apache modules that are not in use at their site.

Tightening the Sendmail Mail Server
Sendmail was traditionally one of the weakest components of any Unix operating system. While vulnerabilities are very uncommon, they tend to bring extreme consequences, both because Sendmail runs with root privilege and because so much sensitive data moves through e-mail.

Students will learn how to tighten Sendmail’s configuration against attack, looking at jailing the Sendmail process, dropping its privilege level, and configuring it for better resistance to attack and spam. They’ll also learn how to deploy a split horizon (internal/external) model to their mail servers, to protect the internal mail server and its valuable data from external attack.

The Linux Essentials program has been under development by LPI for approximately two years and includes the participation of qualification authorities, academic partners, private trainers, publishers, government organizations, volunteer IT professionals and Linux and Open Source experts. The single Linux Essentials exam leads to a "Certificate of Achievement" recognizing knowledge of the following subject matter:

* The Linux Community and a Career in Open Source