Securing Linux and Unix Training


Securing Linux and Unix Training Course Hands-on

The Securing Linux and Unix Training course provides in-depth coverage of Linux and Unix security issues, including specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, the file system, the virtual memory system, and applications that commonly run on Linux and Unix.

The Securing Linux and Unix Training course will teach you the skills to use freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS' practical approach uses hands-on exercises every day to ensure that you will be able to use these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.

Duration: 6 days


Customize It

• We can adapt this Securing Linux and Unix Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Securing Linux and Unix Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Securing Linux and Unix Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Securing Linux and Unix Training course in a manner understandable to lay audiences.

Audience / Target Group

• Security professionals looking to learn the basics of securing Unix operating systems.
• Experienced administrators looking for in-depth descriptions of attacks on Unix systems and how they can be prevented.
• Administrators needing information on how to secure common Internet applications on the Unix platform.
• Auditors, incident responders, and information security analysts who need greater visibility into Linux and Unix security tools, procedures, and best practices.
• Students must possess at least a working knowledge of Unix. Most students who attend this course have a minimum of 3-5 years of Unix system administration experience.

Securing Linux and Unix Training - Objectives:

After completing this Securing Linux and Unix Training course, attendees will be able to:

• Significantly reduce the number of vulnerabilities in the average Linux/Unix system by disabling unnecessary services.
• Protect your systems from buffer overflows, denial-of-service, and physical access attacks by leveraging OS configuration settings.
• Configure host-based firewalls to block attacks from outside.
• Deploy SSH to protect administrative sessions, and leverage SSH functionality to securely automate routine administrative tasks.
• Use sudo to control and monitor administrative access.
• Create a centralized logging infrastructure with Syslog-NG, and deploy log monitoring tools to scan for significant events.
• Use SELinux to effectively isolate compromised applications from harming other system services.
• Securely configure common Internet-facing applications such as Apache and BIND.
• Investigate compromised Linux/Unix systems with Sleuthkit, lsof, and other open-source tools.
• Understand attacker rootkits and how to detect them with AIDE and rkhunter/chkrootkit.

Securing Linux and Unix Training - Course Content:

1. Hardening Linux/Unix Systems, Part 1

• Memory Attacks and Overflows
  – Stack and Heap Overflows
  – Format String Attacks
  – Stack Protection
• Vulnerability Minimization
  – Minimization vs. Patching
  – OS Minimization
  – Patching Strategies
• Boot-Time Configuration
  – Reducing Services
  – systemd vs init
  – Email Configuration
  – Legacy Services
• Encrypted Access
  – Session Hijacking Exploits
  – The Argument For Encryption
  – SSH Configuration
• Host-Based Firewalls
  – IP Tables and Other Alternatives
  – Simple Single-Host Firewalls
  – Managing and Automating Rule Updates

2. Hardening Linux/Unix Systems, Part 2

• Rootkits and Malicious Software
  – Backdoors and Rootkits
  – Kernel Rootkits
  – chkrootkit and rkhunter
• File Integrity Assessment
  – Overview of AIDE
  – Basic Configuration
  – Typical Usage
• Physical Attacks and Defenses
  – Known Attacks
  – Single User Mode Security
  – Boot Loader Passwords
• User Access Controls
  – Password Threats and Defenses
  – User Access Controls
  – Environment Settings
• Root Access Control With Sudo
  – Features and Common Uses
  – Known Issues and Work-Arounds
• Warning Banners
  – Suggested Content
  – Implementation Issues
• Kernel Tuning For Security
  – Network Tuning
  – System Resource Limits
  – Restricting Core Files

3. Hardening Linux/Unix Systems, Part 3

• Automating Tasks With SSH
  – Why and How
  – Public Key Authentication
• ssh-agent and Agent Forwarding
  – Conceptual Overview
  – SSH Configuration
  – Tools and Scripts
• Linux/Unix Logging Overview
  – Syslog Configuration
  – System Accounting
  – Process Accounting
  – Kernel-Level Auditing
• SSH Tunneling
  – X11 Forwarding
  – TCP Forwarding
  – Reverse Tunneling Issues
• Centralized Logging With Syslog-NG
  – Why You Care
  – Basic Configuration
  – Hints and Hacks for Tunneling Log Data
  – Log Analysis Tools and Strategies

4. Application Security, Part 1

• chroot() for Application Security
  – What is chroot()?
  – How Do You chroot()?
  – Known Security Issues
• The SCP-Only Shell
  – What It Is and How It Works
  – Configuring the chroot() Directory
  – Automounter Hacks for Large-Scale Deployments
• SELinux Basics
  – Overview of Functionality
  – Navigation and Command Interface
  – Troubleshooting Common Issues
• SELinux and the Reference Policy
  – Tools and Prerequisites
  – Creating and Loading an Initial Policy
  – Testing and Refining Your Policy
  – Deploying Policy Files

5. Application Security, Part 2

• Common Security Issues
• Split-horizon DNS
• Configuration for Security
• Running BIND chroot()ed
• Implementation Issues
• Generating Keys and Signing Zones
• Key "Rollover"
• Automation Tools
• Secure Directory Configuration
• Configuration/Installation Choices
• User Authentication
• SSL Setup
• Web Application Firewalls with mod_security
  – Introduction to Common Configurations
  – Dependencies and Prerequisites
  – Core Rules
  – Installation and Debugging

6. Digital Forensics for Linux/Unix

• Tools Throughout
  – The Sleuth Kit
  – lsof and Other Critical OS Commands
• Forensic Preparation and Best Practices
  – Basic Forensic Principles
  – Importance of Policy
  – Forensic Infrastructure
  – Building a Desktop Analysis Laboratory
• Incident Response and Evidence Acquisition
  – Incident Response Process
  – Vital Investigation Tools
  – Taking a Live System Snapshot
  – Creating Bit Images
• Media Analysis
  – File System Basics
  – MAC Times and Timeline Analysis
  – Recovering Deleted Files
  – Searching Unallocated Space
  – String Searches
• Incident Reporting
  – Critical Elements of a Report
  – Lessons Learned
  – Calculating Costs
