Linux Advanced Security

Linux enjoys great popularity, especially in the server and IoT sectors, which makes the free operating system an increasingly attractive target for attackers.
Linux is developed with security in mind, but, contrary to a long-standing myth, it can certainly be compromised by well-crafted attacks.
Like other software vendors, Linux distributions face a tradeoff between security and usability,
and administrators can adjust the default settings to suit their own needs.

This course provides a basic overview of common hardening options and demonstrates three important tools: SELinux, AppArmor and fail2ban.
It also demonstrates OpenVAS and Dev-Sec, two further programs for detecting and closing common security vulnerabilities.
The workshop is designed to be as interactive as possible: each topic combines theory with hands-on exercises.

Agenda:

Motivation

  • Overview
  • General Best Practices
  • Linux Security Modules

SELinux

  • Overview
  • Users
  • Policies
  • File context
  • Modules and Booleans

AppArmor

  • Modes
  • Profiles

OpenVAS

  • Running Scans

Dev-Sec / InSpec

  • Analyze systems with InSpec
  • Harden systems automatically with Ansible

fail2ban

  • Jails
  • Actions

Christian Stankowic is Technical Leader at SVA System Vertrieb Alexander GmbH, where he focuses on enterprise Linux, automation and DevOps. He likes to develop open-source tools for the grey boxes in his spare time, which help you solve problems that you wouldn’t have had without them.