LinuxCBT.com

Syllabus

Focus: Important Files relevant to ALL Linux distributions.

Duration: 8-Hours

  • Key-Files Security

    • Introduction - Topology - Features
      • Discuss areas of concern
      • Expose available systems
      • Prepare to study important files
    •  
    • Boot Partition
      • Identify /boot setup on various systems
      • Enumerate key files regarding boot sequence
      • Peruse various configuration files
      • Present hypothetical areas of failure
      • Contrast with Windows boot implementation
    •  
    • INIT Environment
      • Discuss traditional INIT implementation
      • Identify important files across distributions
      • Examine INIT.D and RC hierarchies
      • Propose methods of ensuring integrity of environment
    •  
    • Kernel Modules Environment
      • Identify key directory hierarchy
      • Discuss applicability
      • Explore various modules related configuration files
      • Enumerate loaded modules and correlate to FS taxonomy
      • Correlate detected modules to loaded and available modules
    •  
    • PROC File System
      • Discuss usage and applicability
      • Descend PROC hierarchy accordingly
      • Identify PID tree and related descriptors
      • Recover Kernel invocation method
      • Expose supported Paritions, File Systems & Devices
      • Dump CPU & Memory configuration
      • Peruse other applicable PROC entries
    •  
    • SBIN Executables
      • Identify available SBIN containers
      • Expose SETGID and SETUID SBIN entries
      • Enumerate relevant client system binaries
      • Locate important SBIN daemons | services
      • Discuss storage management SBIN entries
      • Find interface and network related SBIN entries
    •  
    • System Control Configuration
      • Explain applicability
      • Identify user space process
      • Enumerate default configuration directives
      • Define common variables influencing system behavior
      • Committ variables for persistence
      • Discuss potential areas of concern with system configuration
      • Evaluate results
    •  
    • INETD | XINETD Configuration
      • Explain super server usage
      • Identify both INETD and XINETD on relevant systems
      • Expose controlled services
      • Disable superfluous super-server controlled services
    •  
    • User Accounts Environment
      • Discuss relevance of securing related files
      • Explain default files
      • Suggest areas of concern regarding compromised entries
      • Tighten default security policy related to user accounts
    •  
    • Pluggable Authentication Modules (PAM)
      • Identify key files related to PAM AUTH
      • Expose baseline configuration based on current definition
      • Locate baseline PAM libraries and discuss strategies
      • Compare and contrast environmental differences across accounts
    •  
    • Hosts | Protocols | Services
      • Explain relevance of these key files
      • Discuss typical name resolution process
      • Identify baseline confguration
      • Affect changes to relevant files and evaluate
      • Discuss typical malware impact on key files
    •  
    • NSSWITCH Configuraton
      • Explain importance and relevance
      • Identify various implementations
      • Make changes to name resolver configuration
      • Evaluate results
    •  
    • DNS Client Resolution Configuration
      • Identify key files governing client resolution
      • Perform queries with incorrect resolution
      • Correct resolution accordingly
      • Vary configuration and evaluate results
    •  
    • User Profiles Environment
      • Discuss applicable entries related to profiles
      • Delineate between system-wide and user-wide configurations
      • Examine relevant profile files for $SHELL and GUI environments
      • Posit suggestions to tighten baseline
      • Evaluate accordingly
    •  
    • System Scheduler Environment
      • Discuss importance of CRON
      • Identify system and user-wide configuration files
      • Propose methods of tightening configuration
      • Evaluate resuls
    •  
    • DNS Server Configuration
      • Discuss importance of traffic direction services
      • Identify key files across distributions
      • Suggest areas to enhance security posture
      • Intersperse corrupt DNS values and evaluate influence
    •  
    • SYSLOG Configuration
      • Discuss applicability
      • Review baseline configuration
      • Hypothesize possible data-leakage opportunities
      • Propose methods of configuration augmentation
    •  
    • SSH | Client | Server | Files
      • Discuss importance of file correlation
      • Identify key client files
      • Change client file data and evaluate behavior
      • Identify outdated key file information
      • Generate usage keys and propagate
      • Test communications
      • Identify key server files
      • Discuss implications of SSH configuration
    •  
    • '/run' - '/var/run'
      • Discuss 'tmpfs' features
      • Explore implementation
      • Find all PIDs
      • Correlate to running processes
      • Identify various ancillary, non-PID files
      • Explore important items
    •  

LinuxCBT Key-Files Edition

  •  
DEMO