LPIC-3 Exam 303 : Security

With the LPIC-3 certification, you are able to demonstrate that you are at the pinnacle of your career in Linux Administration. Having already gained your LPIC-2 Certification you can now choose from your expertise level certification. The LPIC-3 exam  303 allows you to show your skill in Linux Security by passing the exam  303-200. For detailed objectives, you may visit the LPI Website.

LPIC-3 Exam 303 : Security Topics

• Cryptography
• Access Control
• Application Security
• Operations Security
• Network Security

326.1 Host Hardening

We begin this course by looking at topic the LPI objective 326.1 and how we can harden, or secure, our Linux hosts. The LPI publish the objectives online and weight each topic. Host hardening shows with a weight of 3 indicating that you should expect 3 questions on this topic in the exam, from a total of 60. By the end of this topic you will be able to secure your Linux system against common threats. Methods that you will be able to use will include the correct configuration of the Kernel and software. You will find that there is much we can do here to extend the security delivered by and out-of-the box install

Each objective is available to view online. However if you prefer to have all the content in one place and study from an eBook then this objective is now available to download for just £0.99.

Download

• Mastering sysctl and sysctl.conf
• Understanding ASLR – Address Space Layout Randomization
• Understanding Exec-Shield and NX Protection against Overflow Attacks
• Stop your Linux Server from Responding to Network Pings
• Managing Broadcast ICMP
• Limit Server Capabilities – Disabling IPv6
• IP Address Spoofing, Denial of Service Attacks, Reverse Path Filtering and Logging Martians 
• Managing Chroot Jails
• Managing Unused Services
• Grub Passwords
• Protecting Server Resources with Ulimit

326.2 Intrusion Detection

Linux Security is not all about prevention. Being able to detect malicious or incorrect use of the server is a major part of a Linux Administrators role and in this objective we take a look at how we can detect such invasions and intruder detection.

• An Introduction to the Linux Audit System
• Configuring the Linux Audit System and the auditd.conf File
• Creating Custom Audit Rules in CentOS 7
• Installing the Linux Audit System on Ubuntu 18.04
• Auditing User Keystrokes with PAM
• Simple rootkit detection in CentOS using rpm
• Monitoring Ubuntu Filesystems with AIDE
• Detecting Rootkits in Ubuntu 18.04 with rkhunter
• Using rkhunter in CentOS 7
• Using chkrootkit in Ubuntu 18.04
• Using chkrootkit with CentOS 7 and scheduling with cron
• Linux Malware Detection, (LMD)

326.3 User Account Management and Authentication

In this objective the focus is upon our user accounts and authentication mechanisms. We will see how Linux can be configured to resolve account names and which authentication mechanisms can be used. For sure, this is going to involve our PAM modules and NSS. We will also dive in LDAP and using SSSD so we can authenticate with multiple LDAP domains. We will also see how we issue authentication token using Kerberos.

• Why do we need the command pwunconv

327.1 Discretionary Access Control

Discretionary Access Control Lists or DALCs, dacles, represent the permissions that are assigned in the file system.  Discretionary, as a user has the discretion to assign everyone all permissions to their home directory such as assigning  the mode of 777 to $HOME but also as the root user overrides the access control list to maintain access to all files. To a degree this works and is our starting point in the Access Control List journey. In this module we will learn all about user permissions and the files mode. Extending permissions using Access Control Lists and using special permissions to control access. Finally we will look at Posix Capabilities which can be used as a replacement to some special permissions.

• Read Linux File Permissions with stat
• Using POSIX Capabilities to Replace SUID Permissions

328.1 Network Hardening

We have already seen, in objective 326.1, how we can harden our Linux Hosts. We now turn our attention to the network and what we can do with Linux to detect issues and harden our network paths. As we work through this module we will look at FreeRADIUS so we can authenticate networks hosts, port scanning using nmap and tools to capture data from the network so we might analyse what is happening. We start with capturing packets to compare unencrypted traffic with encrypted traffic

• Packet capturing with ngrep and the importance of encryption