Red Hat Server Hardening (RH413)
Server Hardening is the process of enhancing server security through a variety of means which results in a much more secure server operating environment. This is due to the advanced security measures that are put in place during the server hardening process.
Server Hardening, probably one of the most important tasks to be handled on your servers, becomes more understandable when you realize all the risks involved. The default configurations of most operating systems are not designed with security as the primary focus.
Many servers today are attacked thousands of times per hour. The best defence against such attacks is to ensure that server hardening is a well established practice within your organization or to outsource this task to an experienced & established server hardening agency.
The Red Hat Server Hardening Course aims to teach system administrators how to setup and configure system to comply with various security recommended best practices or security policy audit requirements.
Audience and Prerequisites
- Students who are Linux System administrators with at least of 1 year of experience of full time Linux experience, preferably Red Hat Enterprise Linux.
- Students who have finished RHCE Certification or have equivalent knowledge
1. Tracking Security Updates
- Gain deeper understanding of how Red Hat Maintains and publishes updates and security advisors.
- Understand Red Hat Security response and Red hat Severity scoring.
- Get deeper understanding of Common Vulnerabilities and Exposures (CVEs) and Errata
- Red Hat Security Advisory, Bug Fix Advisory, Enhancement Advisory
- Discuss package maintenance through backporting.
- Working and engaging with Red hat Security response team
2. Manage software updates
- Develop a process for applying updates to systems including verifying properties of the update.
- Learn how to apply Security updates
- How to perform GPG package signature verification
- Understand package triggers and scripts and learn how to validate them
3. Secure File Systems
- Use separate block devices to prevent critical FileSystems from overfilling
- Work with Linux Unified Key Setup (LUKS) to create and encrypted FileSystem
- Allocating FileSystems for Secure Containment
- Allocate an advanced file system layout and use file system encryption.
4. Manage File Systems
- Secure Filesystem using security related mount options (nodev, noexec, nosuid, user_xattr_acl)
- Secure individual files with file attributes (a-append, d-dump, i-immutable, S-synchronous updates, j-data journaling)
- Understand implication of setting Extended File Attributes
5. Security Threats From Special Permissions
- Understand security impact of setting special permissions on files and directories
- Learn how to audit files and directories with special permissions
- The risks of SetUID programs and build UNIX shell script to monitor such risks
6. Secure Server with Additional File Access Controls
- Reduce unwanted security risks by setting default file permissions
- Proper use of Access Control List for securing your system from uninvited access to data
7. Monitoring System with Intrusion Detection Software
- Using AIDE, create filesystem metadata database to help perform file system auditing
- Learn how to install AIDE
- Hands on practical on AIDE configuration
8. Protecting User Accounts from vulnerabilities
- How to secure system using appropriate password-aging policies
- Learn how to audit user accounts on your system
- Identify security threats by detecting duplicate system users.
9. Manage pluggable authentication modules (PAMs)
- Understand PAM syntax and configuration file in detail (/etc/pam.d)
- Learn PAM Rule Types (auth, account, password, session)
- Get deeper understanding of PAM controls.
- Configure Password complexity policy through PAM
- Apply limits to user to tighten server security
- Lock accounts with multiple failed logins
10. Securing Server Console Access
- Apply local console setting changes to comply with security policy requirements
- Learn how to secure GRUB boot loader
- Modify text console setting. Displaying acceptable user notification.
- Secure graphical console setting
- Implications of disabling Control-Alt-Delete
- How to disable poweroff and Reboot on Login window.
11. Installing Central Authentication
- Deploy both client and server centralized authentication using Red Hat Enterprise Linux Identify Management (IdM)
- Installing an Identity Management Server (IdM)
- User Administration – Adding users and group entries to Identity Management Server
- Registering a client System with Identity Management Server
12. Manage Central Authentication
- Learn How to control IdM user access
- Define password expiration policy for IdM
- Control access to both machines and services running on these machines by defining rules.
- Granting and implanting sudo access through Identify Management Server
13. Configure System Logging
- Configure Centralized remote logging server and configure clients to send messages to it.
- Use filter conditions to divide local and remote logs.
- Learn how to encrypt logs sent over the network to the central logging server.
- Understand, configure and implement log file rotation policies through logrotate.conf
14. Configure system auditing
- Understand more about Linux auditing subsystem named auditd to capture kernel messages.
- Learn how to configure auditd and how to perform remote logging with auditd.
- Decipher contents of the audit.log file to identify security events and report on auditing messages.
- Learn how to investigate system calls performed by a process by tracing a program using autrace.
- Writing, removing and inspecting custom audit rules using auditctl.
- How to use predefined audit sets for auditing compliance.
15. Controlling Access to Network Services
- Configure IPV4 and IPV6 kernel-level firewall rules.
- After understanding iptable basics learn best rule management practices.
- Build shell script to establish the current firewall to make for editing rule modification.