Securing SUSE Linux Enterprise Server 12 (SLE341)
This 3-day course introduces attendees to security topics for SUSE Linux Enterprise Server. Attendees will be introduced to the basic computer security concepts and will learn how to develop a security policy and implement a more secure SUSE environment. A variety of approaches regarding system security from physical, local and network security will be reviewed. MAC and DAC access control methods and some of its supporting tools are also included in the course objectives. Auditing as a valid method to monitor security measures is also covered. Lastly, a description of the security process at SUSE and its publicly available resources will give the attendees a better way to support their day to day SUSE Linux Enterprise Server administration and operation in a consistent and secure fashion.
This course is designed for SUSE system administrators who want to learn how to secure their systems.
SCE in Enterprise Linux or equivalent experience is strongly recommended.
3 days. Hands on.
During this course you will learn:
- Understand Security Concepts and Cryptography Basics
- Understand SUSE Security Resources and SLES 12 Security Certifications
- Secure the Boot Process
- Understand the YaST Security Module
- Understand Configurable Kernel Security Settings
- Understand the Importance of Patches and Updates
- Filesystem Security
- Secure Local User Accounts and Restricting Access to the Root Account
- Understand Systemd Session Management and Resource Control
- PAM Modules
- Delegate Administrative Privilege (sudo, polkit)
- Understand Network Packet Filtering, TCP Wrappers and Xinetd
- Restrict Network Access with Systemd
- Understand and Configure Virtual Private Networks
- Use Security Audit Tools: SUSE Seccheck, AIDE, Linux Audit Framework, Centralized Logging
- Understand the Linux Security Modules Framework (LSM)
- Understand How AppArmor and SELinux Compare
- Section 1: Introduction to Security
- Section 2: Basic System Lockdown
- Section 3: Local Account Security
- Section 4: Privilege Elevation
- Section 5: Network Service Lockdown
- Section 6: Security Audit Tools
- Section 7: Linux Security Modules