



Q/ISP non degree CyberSecurity Certificate of Mastery

Linux /UNIX Security

Participate in one of the World's Strongest Linux Communities and enhance your Career! Get Serious. Get a Job. Get Promoted.

Linux Essentials Certificate Program - Linux Essentials will prepare the next generation of IT workers to fill the must-have skills of the future: knowledge of multiple computing environments, knowledge sharing, open source basics, and a dedication to the profession.

Navigate the best route to a globally recognized IT certification w/ SU Q/ISP Certificate Program - Our certification programs meet the exacting standards of both IT professionals and the organizations that employ them. Get certified with the widely-recognized world leader.

The Linux Professional Institute (LPI) and Security University are proud to announce an innovative "first-of-its-kind" program for the academic sector, youth and others new to the world of Linux and Open Source technology.

The "Linux Essentials" program prepares the next generation to acquire the advanced skills needed to fill increasing shortages of workers in today's mixed IT environments. It supports government and educational authorities bringing Linux and Open Source to the classroom at much younger ages. It also supports learning and fun through skills competitions like World Skills and Euroskills, as well as international collaboration and the development of teacher-tested educational initiatives for the classroom.

This fast-paced, hands-on class will teach you how to secure UNIX and lock down Linux to protect a system from compromise. You'll learn how the attacks work and how to use hard-core hardening to defeat the bulk of them. You'll learn how to take your machines to a state of minimum necessary risk.

This hands-on class teaches you how to tighten all major aspects of the operating system for security, balancing this with the purpose of the system and the needs of your organization. You'll learn how to tune kernel and operating system parameters, deactivate components, and tighten the components that remain. You'll examine the tightening of major server applications, including Apache, Sendmail, WU-FTPd, vsftpd, and BIND. Along the way, you'll understand how external and internal attackers use privilege escalation and how you can lessen their odds of gaining root. You'll also learn to apply key security concepts, from defense-in-depth to least privilege to risk evaluation, to determine what actions you should take and in what order of priority.

Class Fee: $2,995
Time: 8:00 AM - 5:00 PM
Location: Click here to view the class schedule
CPE Credits: 50
Prerequisites: Understanding of TCP/IP protocols
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical

Who Should Attend:
System administrators, security administrators, security auditors. Unix box owners. Anyone who has a vested interest in keeping their systems from being compromised.

This course targets system or network administrators and security admins/auditors with an understanding of Unix commands and basic operating system functions.

What You Will Learn:
Students will gain a general understanding of how to harden systems to prevent or contain a system compromise. While we work on Linux and Solaris, the material does apply broadly to all Unix variants.

Students will leave this class with the ability to:

  • Configure Solaris and Linux for much greater resilience to attack.
  • Understand each Solaris and Linux network service and be capable of judging which can or cannot be safely restricted or deactivated.
  • Understand each Solaris and Linux boot script and be capable of judging which scripts can or cannot be safely deactivated.
  • Audit the Solaris and Linux file permissions and Set-UID/GID programs to combat compromise and escape privilege escalation.
  • Configure Apache Web servers for greater resistance to attack.
  • Configure vsftpd FTP servers for greater resistance to attack.
  • Configure a Linux-based firewall
  • Passwords Attacks and Alternative Authentication Techniques
  • Memory Attacks, Buffer Overflows
  • Configure BIND DNS servers for greater resistance to attack.
  • Trojan Horse Programs and Rootkits
  • Network-Based Attacks
  • Configure Sendmail Mail servers for greater resistance to attack.
  • Configure POP and IMAP servers for greater resistance to attack.
  • Vulnerability Scanning Tools
  • Monitoring and Alerting Tools
  • Audit systems with free tools to find better security settings, including Bastille, Titan and the Center for Internet Security's tools
  • Network Security Tools
  • Configure WU-FTPd FTP servers for greater resistance to attack.
  • SSH for Secure Administration
  • Forensic Investigation
  • Understand and set kernel and operating system variables for best security
  • Unix Logging and Kernel-Level Auditing
  • Network Time Protocol
  • Solaris and Linux Security
  • Secure Configuration of BIND, Sendmail, Apache
  • Common Issues with Users and Management

Each student will practice the techniques learned on their own Linux system.

For more information on the launch of Linux Essentials in that region see:

Linux Essentials Exam

The Linux Essentials exam is a recommended, not required, pre-requisite for training in the LPIC professional program. Exams are delivered in schools and training centres around the world. To locate the centre nearest you, please contact your local LPI Affiliate.

This is a required exam for Linux Essentials Certificate. It covers basic knowledge for those working and studying in Open Source and various distributions of Linux.

Each objective is assigned a weighting value. The weights range roughly from 1 to 10 and indicate the relative importance of each objective. Objectives with higher weights will be covered in the exam with more questions.

  1. The Linux community and a career in open source
  2. Finding your way on a Linux system
  3. The power of the command line
  4. The Linux operating system
  5. Security and file permissions

Topic 1: The Linux Community and a Career in Open Source

1.1 Linux Evolution and Popular Operating Systems

  • Weight 2
  • Description Knowledge of Linux development and major distributions

Key Knowledge Areas

  • Open Source Philosophy
  • Distributions
  • Embedded Systems

The following is a partial list of the used files, terms and utilities:

  • Android
  • Debian
  • CentOS

1.2 Major Open Source Applications

  • Weight 2
  • Description Awareness of major applications and their uses.

Key Knowledge Areas

  • Desktop Applications
  • Server Applications
  • Mobile Applications
  • Development Languages
  • Package Management Tools and repositories

The following is a partial list of the used files, terms and utilities:

  • LibreOffice, Thunderbird, Firefox
  • Blender, Gimp, Audacity, ImageMagick
  • Apache, MySQL, PostgreSQL
  • NFS, Samba, OpenLDAP, Postfix, DNS, DHCP
  • C, Perl, shell, Python, PHP

1.3 Understanding Open Source Software and Licensing

  • Weight 1
  • Description Open communities and licensing Open Source Software for business.

Key Knowledge Areas

  • Licensing
  • Free Software Foundation (FSF), Open Source Initiative (OSI)

The following is a partial list of the used files, terms and utilities:

  • GPL, BSD, Creative Commons
  • Free Software, Open Source Software, FOSS, FLOSS
  • Open Source business models

1.4 ICT Skills and Working in Linux

  • Weight 2
  • Description Basic Information and Communication Technology (ICT) skills and working in Linux

Key Knowledge Areas

  • Desktop Skills
  • Getting to the Command Line
  • Industry uses of Linux, Cloud Computing and Virtualization

The following is a partial list of the used files, terms and utilities:

  • Using a browser, privacy concerns, configuration options, searching the web and saving content
  • Terminal and Console
  • Password issues
  • Privacy issues and tools
  • Use of common open source applications in presentations and projects

Topic 2: Finding Your Way on a Linux System (weight: 8)

2.1 Command Line Basics

  • Weight 2
  • Description Basics of using the Linux command line.

Key Knowledge Areas

  • Basic shell
  • Formatting commands
  • Working With Options
  • Variables
  • Globbing
  • Quoting

The following is a partial list of the used files, terms and utilities:

  • echo
  • history
  • PATH env variable
  • which

Nice to know

  • Substitutions
  • ||, && and ; control operators

2.2 Using the Command Line to Get Help

  • Weight 2
  • Description Running help commands and navigation of the various help systems

Key Knowledge Areas

  • Man
  • Info

The following is a partial list of the used files, terms and utilities:

  • man
  • info
  • Man pages
  • /usr/share/doc
  • locate

Nice to know

  • apropos, whatis, whereis

2.3 Using Directories and Listing Files

  • Weight 2
  • Description Navigation of home and system directories and listing files in various locations.

Key Knowledge Areas

  • Files, directories
  • Hidden files and directories
  • Home
  • Absolute and relative paths

The following is a partial list of the used files, terms and utilities:

  • Common options for ls
  • Recursive listings
  • cd
  • . and ..
  • home and ~

2.4 Creating, Moving and Deleting Files

  • Weight 2
  • Description Create, move and delete files and directories under the home directory.

Key Knowledge Areas

  • Files and directories
  • Case sensitivity
  • Simple globbing and quoting

The following is a partial list of the used files, terms and utilities:

  • mv, cp, rm, touch
  • mkdir, rmdir

Topic 3: The Power of the Command Line (weight: 10)

3.1 Archiving Files on the Command Line

  • Weight 2
  • Description Archiving files in the user home directory

Key Knowledge Areas

  • Files, directories
  • Archives, compression

The following is a partial list of the used files, terms and utilities:

  • tar
  • Common tar options
  • gzip, bzip2
  • zip, unzip

Nice to know

  • Extracting individual files from archives

3.2 Searching and Extracting Data from Files

  • Weight 4
  • Description Search and extract data from files in the home directory.

Key Knowledge Areas

  • Command line pipes
  • I/O re-direction
  • Partial POSIX Regular Expressions (., [ ], *, ?)

The following is a partial list of the used files, terms and utilities:

  • find
  • grep
  • less
  • head, tail
  • sort
  • cut
  • wc

Nice to know

  • Partial POSIX Basic Regular Expressions ([^ ], ^, $)
  • Partial POSIX Extended Regular Expressions (+, ( ), |)
  • xargs

3.3 Turning Commands into a Script

  • Weight 4
  • Description Turning repetitive commands into simple scripts.

Key Knowledge Areas

  • Basic text editing
  • Basic shell scripting

The following is a partial list of the used files, terms and utilities:

  • /bin/sh
  • Variables
  • Arguments
  • for loops
  • echo
  • Exit status

Nice to know

  • pico, nano, vi (only basics for creating scripts)
  • Bash
  • if, while, case statements
  • read and test, and [ commands

Topic 4: The Linux Operating System (weight: 8)

4.1 Choosing an Operating System

  • Weight 1
  • Description Knowledge of major operating systems and Linux distributions

Key Knowledge Areas

  • Windows, Mac, Linux differences
  • Distribution life cycle management

The following is a partial list of the used files, terms and utilities:

  • GUI versus command line, desktop configuration
  • Maintenance cycles, Beta and Stable

4.2 Understanding Computer Hardware

  • Weight 2
  • Description Familiarity with the components that go into building desktop and server computers

Key Knowledge Areas

  • Hardware

The following is a partial list of the used files, terms and utilities:

  • Hard drives and partitions, motherboards, processors, power supplies, optical drives, peripherals
  • Display types
  • Drivers

4.3 Where Data is Stored

  • Weight 3
  • Description Where various types of information are stored on a Linux system.

Key Knowledge Areas

  • Kernel
  • Processes
  • syslog, klog, dmesg
  • /lib, /usr/lib, /etc, /var/log

The following is a partial list of the used files, terms and utilities:

  • Programs, libraries, packages and package databases, system configuration
  • Processes and process tables, memory addresses, system messaging and logging
  • ps, top, free

4.4 Your Computer on the Network

  • Weight 2
  • Description Querying vital networking settings and determining the basic requirements for a computer on a Local Area Network (LAN).

Key Knowledge Areas

  • Internet, network, routers
  • Domain Name Service
  • Network configuration

The following is a partial list of the used files, terms and utilities:

  • route
  • resolv.conf
  • IPv4, IPv6
  • ifconfig
  • netstat
  • ping

Nice to know

  • ssh
  • dig

Topic 5: Security and File Permissions (weight: 7)

5.1 Basic Security and Identifying User Types

  • Weight 2
  • Description Various types of users on a Linux system

Key Knowledge Areas

  • Root and Standard Users
  • System users

The following is a partial list of the used files, terms and utilities:

  • /etc/passwd, /etc/group
  • id, who, w
  • sudo

Nice to know

  • su

5.2 Creating Users and Groups

  • Weight 2
  • Description Creating users and groups on a Linux system

Key Knowledge Areas

  • User and group commands
  • User IDs

The following is a partial list of the used files, terms and utilities:

  • /etc/passwd, /etc/shadow, /etc/group
  • id, last
  • useradd, groupadd
  • passwd

Nice to know

  • usermod, userdel
  • groupmod, groupdel

5.3 Managing File Permissions and Ownership

  • Weight 2
  • Description Understanding and manipulating file permissions and ownership settings

Key Knowledge Areas

  • File/directory permissions and owners

The following is a partial list of the used files, terms and utilities:

  • ls -l
  • chmod, chown

Nice to know

  • chgrp

5.4 Special Directories and Files

  • Weight 1
  • Description Special directories and files on a Linux system including special permissions

Key Knowledge Areas

  • System files, libraries
  • Symbolic links

The following is a partial list of the used files, terms and utilities:

  • /etc, /var
  • /tmp, /var/tmp and Sticky Bit
  • ls -d
  • ln -s

Nice to know

  • Hard links
  • Setuid/Setgid

Day 3:
Core Operating System Hardening
The first day of the course will focus on core operating system hardening, teaching students how to thoroughly audit and lock down a Linux system. This process is tailored very closely to a system’s purpose, such that it optimizes a system for the greatest security that is operationally possible. Single-purpose bastion hosts obviously see the most benefit, though general purpose sysadmin workstations still gain a good deal of resistance to break-in. This first day will cover the following major areas/tasks:

Boot Security and Physical Security
An attacker with physical access to a Linux machine can usually gain root with trivial attacks. Students will learn both the attacks and how to defend against them.

The Vulnerability Cycle and Patching Recommendations
Many vulnerabilities can be trivially countered by applying patches. On the other hand, applying patches is not easy in an enterprise environment. Students will learn the background required to make intelligent patching decisions and will be introduced to tools which automate this process.

Network Daemon Audit
Programs that listen to the network provide most outside attackers with their first access to a victim system. Students will learn how to audit the system for network-accessible daemons. By learning the purpose of each daemon, students will learn how to greatly decrease a host’s network presence.

General Daemon Audit
Once an attacker has some kind of access to a system, privileged system daemons present a primary avenue for further attack and privilege escalation. Students will learn to audit these daemons. By learning the purpose of each one, students will learn which daemons they can safely deactivate.

Host-based Firewall Construction
Once the system’s set of listening network daemons has been reduced, its accessibility to attackers via the network can be further shored up by adding a host-based firewall. Students will be introduced to simple stateful firewalling that can be applied to individual hosts.

Set-UID Audit
Outside of already-running system daemons, Set-UID programs represent the most commonly used method of privilege escalation. These programs give a user a temporary privilege increase to perform a specific task -- unfortunately, that privilege increase becomes general and non-temporary when these programs are successfully attacked. Students will learn how to audit these programs and maintainably reduce an attacker’s ability to use them to attack the system.

Permissions Audit
Poor file permissions can allow an ordinary user to gain system user privileges or to access/compromise data. Students will be introduced to a basic permissions audit.

Day 4/5:
Server Application Hardening

The second day of the course will focus on server application hardening. Students will learn how to apply access control mechanisms to particular server functionalities, how to prune out server functionality that’s not in use, and how to confine server processes so that a compromised server application does not necessarily compromise the entire system.

Students will also be introduced to real network/server architecture changes that can greatly increase security at a site. Learning to harden these servers is extremely important to the security of an organization, both because of their important functions and because they are widely accessible resources. Finally, students will learn to build a chroot prison for each network service, to prevent a compromised service on a system from turning into a fully-compromised system.

Tightening DNS Servers
An attacker who can compromise an organization’s internal DNS server can re-route much of the important traffic on a network. An attacker who can compromise an organization’s external DNS server can re-route traffic away from the organization. In either case, he can usually gain a foothold to attack the internal network.

Students will learn how to configure Unix BIND DNS servers for much greater resiliency to attack. As a part of this, they will learn how to configure Split-Horizon DNS and BIND 9 “views,” to greatly reduce the external accessibility of internal DNS servers. They will also learn how to confine DNS server programs so that, if successfully attacked, they will not grant an attacker either the ability to easily modify data or to compromise the host operating system.

Tightening FTP Servers
FTP servers have been among the more often-vulnerable Unix network daemons in the past five years. Students will learn how to configure an FTP server to be more resistant to attacks by learning how past attacks have worked and how best practices can defeat these attacks. This focuses on both vsftpd and wu-ftpd.

Tightening Apache Web Servers
Web servers represent the single most multipurpose publicly accessible server application in use today. Apache, in particular, has a lead in market share specifically because of the extremely wide array of functions that it can serve and the ease with which an increasing community of developers can add functionality. This wide scope of functionality, of course, comes with a cost -- it increases the probability that the server will contain vulnerable code.

Students will learn how to configure Apache security modules and how to configure an Apache webserver to offer only what functionality is used by their site. They will also learn some of the weaknesses of the CGI model and how they can address them with programs like suexec and cgiwrap. Finally, they will learn how to greatly reduce their chances of having vulnerable code deployed by removing Apache modules that are not in use at their site.

Tightening the Sendmail Mail Server
Sendmail was traditionally one of the weakest components of any Unix operating system. While vulnerabilities are very uncommon, they tend to bring extreme consequences, both because Sendmail runs with root privilege and because so much sensitive data moves through e-mail.

Students will learn how to tighten Sendmail’s configuration against attack, looking at jailing the Sendmail process, dropping its privilege level, and configuring it for better resistance to attack and spam. They’ll also learn how to deploy a split horizon (internal/external) model to their mail servers, to protect the internal mail server and its valuable data from external attack.

The Linux Essentials program has been under development by LPI for approximately two years and includes the participation of qualification authorities, academic partners, private trainers, publishers, government organizations, volunteer IT professionals and Linux and Open Source experts. The single Linux Essentials exam leads to a "Certificate of Achievement" recognizing knowledge of the following subject matter:

  • The Linux Community and a Career in Open Source


Copyright © 2017 Security University, Inc. All rights reserved.