This course is designed for SUSE system administrators who want to learn how to secure their systems.
SCE in Enterprise Linux or equivalent experience is strongly recommended.
3 days. Hands on.
This 3-day course introduces attendees to security topics for SUSE Linux Enterprise Server. Attendees will be introduced to the basic computer security concepts and will learn how to develop a security policy and implement a more secure SUSE environment. A variety of approaches regarding system security from physical, local and network security will be reviewed. MAC and DAC access control methods and some of its supporting tools are also included in the course objectives. Auditing as a valid method to monitor security measures is also covered. Lastly, a description of the security process at SUSE and its publicly available resources will give the attendees a better way to support their day to day SUSE Linux Enterprise Server administration and operation in a consistent and secure fashion.
During this course you will learn:
- Understand Security Concepts and Cryptography Basics
- Understand SUSE Security Resources and SLES 12 Security Certifications
- Secure the Boot Process
- Understand the YaST Security Module
- Understand Configurable Kernel Security Settings
- Understand the Importance of Patches and Updates
- Filesystem Security
- Secure Local User Accounts and Restricting Access to the Root Account
- Understand Systemd Session Management and Resource Control
- PAM Modules
- Delegate Administrative Privilege (sudo, polkit)
- Understand Network Packet Filtering, TCP Wrappers and Xinetd
- Restrict Network Access with Systemd
- Understand and Configure Virtual Private Networks
- Use Security Audit Tools: SUSE Seccheck, AIDE, Linux Audit Framework, Centralized Logging
- Understand the Linux Security Modules Framework (LSM)
- Understand How AppArmor and SELinux Compare
Section 1: Introduction to Security
Section 2: Basic System Lockdown
Section 3: Local Account Security
Section 4: Privilege Elevation
Section 5: Network Service Lockdown
Section 6: Security Audit Tools
Section 7: Linux Security Modules