Linux System Security: Hardening, Auditing

Duration: 3 Days
Focus: Practical implementation of advanced defensive and auditing mechanisms in Linux environments.


Day 1: System Hardening and Access Control 🛡️

Module 1: System Hardening and Physical Controls

  • Authentication and Authorization (Configuration of authentication and authorization methods, including PAM and SSH).
  • Network Perimeter (Advanced firewall configuration—implementing iptables/nftables or firewalld).
  • Disk Encryption (Implementing disk encryption with LUKS/dm-crypt).
  • Physical Security (Controlling USB memory and external media access).
  • Secure Boot (Implementing system boot security mechanisms such as a GRUB password and UEFI Secure Boot).

Module 2: Mandatory Access Control (MAC)

  • SELinux Introduction (Understanding SELinux operation as a Mandatory Access Control system).
  • State Management (Switching between the Enforcing, Permissive and Disabled states and managing the corresponding modes).
  • Policies and Contexts (Managing SELinux contexts and policies for services).

Module 3: Securing and Centralizing System Logs

  • Logging Services (Proper configuration of logging services such as rsyslog or systemd-journald).
  • Log Protection (Securing system logs—access control, permissions).
  • Centralized Logging (Implementing central event logging for correlation and security).

Day 2: Auditing, Monitoring, and Threat Detection 🔍

Module 4: File Integrity Monitoring (FIM)

  • Integrity Control (Implementing file integrity monitoring mechanisms such as AIDE or Tripwire).
  • Change Detection (Configuration and analysis of checksum databases to detect unauthorized modifications).

Module 5: Real-time System Auditing

  • Auditd Implementation (Configuration and use of the Auditd tool to track user and system activity).
  • Rule Creation (Defining rules for monitoring access to critical files, command execution, and configuration changes).
  • Event Analysis (Processing and analyzing Auditd logs).

Module 6: Malware Detection

  • System Scanning (Searching for rootkits, Trojans, etc. using tools like chkrootkit and rkhunter).
  • Operating Methods (Understanding how kernel and user-space rootkits function and hide).

Module 7: Vulnerability Scanning

  • Local Scanning (Scanning the system for vulnerabilities using local tools such as Lynis or an OpenVAS client).
  • Risk Assessment (Analyzing reports and prioritizing security patches).

Day 3: Attacker’s Perspective and Countermeasures 💀

Module 8: Cryptography and Data Security

  • Cryptography Basics (Discussion of key elements of cryptography—symmetric, asymmetric ciphers, hashing).
  • Practical Applications (Using GPG/OpenSSL for file encryption and signing).

Module 9: Hacker’s View: Scanning and Reconnaissance

  • Remote Reconnaissance (Scanning the system for vulnerabilities from an external perspective, e.g. port scanning with nmap).
  • Analysis (Interpreting scan results and identifying open services).

Module 10: Network Attacks and Defense

  • Sniffing (Principles of sniffing, i.e. traffic eavesdropping, and methods for detecting it).
  • Defense Methods (Implementing network-level countermeasures such as static ARP entries, and using encryption (SSL/TLS, SSH) as a defense against sniffing).