• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Urban Penguin

The Urban Penguin - Linux Training

  • Home
  • About
  • Live Online Courses
  • Shop
  • RHCSA Guide
  • Programming
    • Master Editing Text Files Using VIM
    • Learn Shell Scripting with BASH
    • PERL Scripting in Linux
    • Ruby Scripting in Linux
    • Scripting with PowerShell
    • Learn C Programming using Linux and the Raspberry Pi
    • General Java Tutorials
    • Java 7 OCA Exam 1ZO-803
  • OS Tutorials
    • Red Hat and CentOS Training
      • Red Hat Enterprise Linux System Administration 1 – RH124
      • RHCSA – System Admin 2 – RH134
      • RHCE – EX294 – Automation With Ansible
    • Learning Ubuntu
    • LPI Training
      • LPI Linux Essentials
      • LPIC-1 Linux Administrator
      • LPIC-2 Certified Linux Engineer
      • LPIC-3 Senior Level Certification
        • LPIC-3 Exam 300 : Mixed Environments
        • LPIC-3 Exam 303 : Security
        • LPIC-3 Exam 304 : Virtualization and High Availability
    • Linux Technologies
      • Apache HTTPD Server
      • Learning PHP
      • Learning PUPPET
      • Learning SAMBA
      • Linux File-Systems
      • Monitoring with Nagios Core
      • MYSQL
      • openLDAP Directories on Linux
You are here: Home / LPI Training from The Urban Penguin / LPIC-3 Senior Level Certification / LPIC-3 Exam 303 : Security

LPIC-3 Exam 303 : Security

LPIC-3 Exam 303

With the LPIC-3 certification, you are able to demonstrate that you are at the pinnacle of your career in Linux Administration. Having already gained your LPIC-2 Certification you can now choose from your expertise level certification. The LPIC-3 exam  303 allows you to show your skill in Linux Security by passing the exam  303-200. For detailed objectives, you may visit the LPI Website.

LPIC-3 Exam 303 : Security Topics

  • Cryptography
  • Access Control
  • Application Security
  • Operations Security
  • Network Security

325.1 X509 Certificates and PKI

The first video in this topic look at setting up the 389-DS LDAP directory Service. We need that later in LPIC-3 303 to look at Authenticating with SSSD and PAM. The install will give you both LDAP and LDAPS access, however, with a self-signed certificate the security is not great and commands will fail if we don’t ignore invalid certificates. We can fix this by creating our own CA, certificate authority, and issuing certificates from certificate signing request form the LDAP server. This is a clean and simple CA that we can start with before moving into a more complex setup.
  • Creating a CA and signing CSR Requests from a server to secure LDAPS on 389-ds

326.1 Host Hardening

We begin this course by looking at topic the LPI objective 326.1 and how we can harden, or secure, our Linux hosts. The LPI publish the objectives online and weight each topic. Host hardening shows with a weight of 3 indicating that you should expect 3 questions on this topic in the exam, from a total of 60. By the end of this topic you will be able to secure your Linux system against common threats. Methods that you will be able to use will include the correct configuration of the Kernel and software. You will find that there is much we can do here to extend the security delivered by and out-of-the box install

Each objective is available to view online. However if you prefer to have all the content in one place and study from an eBook then this objective is now available to download for just £0.99.

Download

  • Mastering sysctl and sysctl.conf
  • Understanding ASLR – Address Space Layout Randomization
  • Understanding Exec-Shield and NX Protection against Overflow Attacks
  • Stop your Linux Server from Responding to Network Pings
  • Managing Broadcast ICMP
  • Limit Server Capabilities – Disabling IPv6
  • IP Address Spoofing, Denial of Service Attacks, Reverse Path Filtering and Logging Martians 
  • Managing Chroot Jails
  • Managing Unused Services
  • Grub Passwords
  • Protecting Server Resources with Ulimit

326.2 Intrusion Detection

Linux Security is not all about prevention. Being able to detect malicious or incorrect use of the server is a major part of a Linux Administrators role and in this objective we take a look at how we can detect such invasions and intruder detection.
  • An Introduction to the Linux Audit System
  • Configuring the Linux Audit System and the auditd.conf File
  • Creating Custom Audit Rules in CentOS 7
  • Installing the Linux Audit System on Ubuntu 18.04
  • Auditing User Keystrokes with PAM
  • Simple rootkit detection in CentOS using rpm
  • Monitoring Ubuntu Filesystems with AIDE
  • Detecting Rootkits in Ubuntu 18.04 with rkhunter
  • Using rkhunter in CentOS 7
  • Using chkrootkit in Ubuntu 18.04
  • Using chkrootkit with CentOS 7 and scheduling with cron
  • Linux Malware Detection, (LMD)

326.3 User Account Management and Authentication

In this objective the focus is upon our user accounts and authentication mechanisms. We will see how Linux can be configured to resolve account names and which authentication mechanisms can be used. For sure, this is going to involve our PAM modules and NSS. We will also dive in LDAP and using SSSD so we can authenticate with multiple LDAP domains. We will also see how we issue authentication token using Kerberos.
  • Why do we need the command pwunconv

327.1 Discretionary Access Control

Discretionary Access Control Lists or DALCs, dacles, represent the permissions that are assigned in the file system.  Discretionary, as a user has the discretion to assign everyone all permissions to their home directory such as assigning  the mode of 777 to $HOME but also as the root user overrides the access control list to maintain access to all files. To a degree this works and is our starting point in the Access Control List journey. In this module we will learn all about user permissions and the files mode. Extending permissions using Access Control Lists and using special permissions to control access. Finally we will look at Posix Capabilities which can be used as a replacement to some special permissions.
  • Read Linux File Permissions with stat
  • Using POSIX Capabilities to Replace SUID Permissions

328.1 Network Hardening

We have already seen, in objective 326.1, how we can harden our Linux Hosts. We now turn our attention to the network and what we can do with Linux to detect issues and harden our network paths. As we work through this module we will look at FreeRADIUS so we can authenticate networks hosts, port scanning using nmap and tools to capture data from the network so we might analyse what is happening. We start with capturing packets to compare unencrypted traffic with encrypted traffic
  • Packet capturing with ngrep and the importance of encryption

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to print (Opens in new window)

Primary Sidebar

Newest Video

The Urban Penguin On Youtube

Products

  • Complete RHCSA 8 Study Guide Complete RHCSA 8 Study Guide £5.99
  • SELinux Guide SELinux Fundamentals in Red Hat Enterprise Linux 8 £1.99
  • Managing POSIX ACLS in Linux £0.99
  • Managing Linux File Permissions £0.99
  • Kernel Module Administration in Linux £0.99

Categories

Pages

  • About The Urban Penguin
  • Contact Us
  • Shop
    • Basket
    • Checkout
    • My Account
  • LPI Training from The Urban Penguin
    • Live and Pluralsight hosted courses
    • Complete Linux Essentials
    • LPIC-3 Senior Level Certification
      • LPIC-3 Exam 300 : Mixed Environments
      • LPIC-3 Exam 303 : Security
      • LPIC-3 Exam 304 : Virtualization and High Availability
    • LPIC-2 Certified Linux Engineer
    • LPIC-1 Linux Administrator
    • LPI Linux Essentials for Raspberry Pi
    • LPI Linux Essentials
  • Operating System Tutorials
    • Linux Foundation Training
    • Solaris 11 OCA 1ZO-821
    • Learning Ubuntu
    • Learning SUSE
    • Red Hat and CentOS Training
      • RHCE – EX294 – Automation With Ansible
      • RHCSA – System Admin 1 – RH124
      • RHCSA – System Admin 2 – RH134
  • Scripting – the power of repetition!
    • Java 7 OCA Exam 1ZO-803
    • General Java Tutorials
    • Learn C Programming using Linux and the Raspberry Pi
    • Ruby Scripting in Linux
    • Scripting with PowerShell
    • PERL Scripting in Linux
    • Learn Shell Scripting with BASH
    • Master Editing Text Files Using VIM
  • Linux Technologies
    • Learning PUPPET
    • openLDAP Directories on Linux
    • Monitoring with Nagios Core
    • Linux File-Systems
    • Learning SAMBA
    • Apache HTTPD Server
    • Learning PHP
    • MYSQL
  • OpenStack
    • Pluralsight
    • Udemy
    • Raspberry Pi Tutorials
    • Citrix Videos
  • Online Instructor-led Courses
    • Red Hat Enterprise Linux System Administration 1 – RH124
    • SELinux Masterclass
    • Bash Scripting Masterclass
    • Nftables Masterclass

© 2021 The Urban Penguin · All Rights Reserved

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok