Securing a Linux Server

Displaying courses for Great Britain [Change]


Linux server has proven itself as a powerful, stable, fast and scalable IT platform for both small-to-medium enterprise and large organisations, where data, network, high availability storage and other server-type provisioning installations are routinely served by Linux. This course will build on the experience, knowledge and capabilities of the delegates, who - most likely - will have installed and managed a Linux machine(s) for a period of time.

During this event, we will step through most of the system and server administration and maintenance tasks, this time concentrating on security aspects of the configuration, lock down techniques, and best practices for fine-tuning a system in order to make it as secure as relevant and possible.

The course is a follow up to the 'Essential Linux Administration' ( ), 'Advanced Linux Administration' ( ) and 'Building a Linux Server' ( ) training path.


At the end of this course you will be able to:

  • Analyse the physical computer issues
  • Protect Linux server at the GRUB level
  • Appreciate a perimeter network concepts and protection
  • Configure and use iptables firewall
  • Implement jail environment with chroot
  • Use SSH for seamless and secure connectivity
  • Manage services as part of security proofing and tie down
  • Implement and control basic SELinux policy
  • Authentication Methods and Techniques


Experienced Linux system and network administrators, analysts, or system architects responsible maintaining and securing servers based on a Linux operating systemDelegates will also be expected to be familiar with the basics of IT security and data encryption concepts, as provided by the 'Information Security Fundamentals' course


  • Delegates should have previously attended the Building a Linux Server ( ) and Information Security Fundamentals ( ) courses, or have equivalent knowledge, and have several months practical experience of administering a Linux system.
  • Alternatively, they must be able to demonstrate a solid experience (typically several years) of any UNIX system administration and server maintenance.


Getting Started

  • Linux server market
  • Introduction to distributions considered in this course
  • Red Hat, SUSE and Debian derivatives
  • Understand your kernel
  • Web resources and forums

Physical and OS Security of Linux

  • Computer hardware
  • Location and environment
  • Network topology
  • Hardware and software inventory
  • BIOS security
  • BIOS updates and configuration
  • Bootstrapping protection
  • Securing access to GRUB and the kernels
  • Password-protecting LILO
  • UEFI secure boot specification

SSH Hints and Tricks

  • SSH purpose
  • Recap of basic SSH use
  • SSH client and server configuration
  • Using SSH keys
  • Creating public/private key pair
  • Configuring and using SSH agent
  • Tunnelling X application in SSH
  • Port forwarding
  • Principles of local and remote port forwarding
  • Forwarding through a firewall and multiple gateways
  • SSH and VNC

Introduction to SELinux

  • DAC vs. MAC security policies
  • Problems with traditional methods
  • Main SELinux features: policies, enforcement, control
  • Scope, coverage and availability of SELinux
  • SELinux states
  • Labelling and access policies
  • Policy database and run-time flow
  • Creating policies

User Account Security

  • User types and their accounts: Superuser(s), daemon users, ordinary users
  • Terminal and shell control files
  • Unknown and dormant accounts
  • Testing account usage and activity: lastlog, last, lastb
  • Authenticating with PAM
  • PAM structure, control flow and configuration
  • User login and security files
  • login.defs, securetty, messages

Working with chroot

  • Why use a chroot environment
  • Best chroot practices
  • Basics of constructing a chroot jail
  • Understanding the structure
  • Tools to identify / create required files
  • Popular chroot implementations
  • chroot-aware named packages

System Service Control

  • Linux SysVinit startup sequence
  • Single and multi-user run levels
  • The init process and its configuration in /etc/inittab
  • SysVinit startup
  • Upstart method
  • Runlevel and service
  • Using run level 4 to isolate service management
  • Configuring runlevel 4 as means of proofing Apache configuration

Perimeter Network Protection

  • Firewall concepts
  • Infrastructure and DMZ
  • Types and implementations
  • Linux firewall: iptables
  • Operating system and software preparation
  • Rules, chains and targets
  • Saving and restoring rules
  • Firewall products
  • Netfilter, iptables
  • Front end products and alternatives
  • Using knockd to open holes in the firewall

Authentication Methods and Techniques

  • SSL/TSL certificates: creating, validating, installing
  • Creating Kerberos Key Distribution Centre
  • Managing Kerberos realm
  • Using Kerberos alongside other technologies.

Training provider

Teaching mode: Classroom - Instructor Led
Duration: 3 days
Gooroo has partnered with the global leaders in IT training to give you access to quality training, personalised to you, targeted at increasing your job opportunities and salary.

Our pricing

We do not display pricing as Gooroo members qualify for special discounts not available elsewhere. You must enquire through Gooroo to get this benefit.

New courses are happening all the time

Our partner's expert training consultant will provide you with the times and all the details you need. Enquire today.

Top skills covered in this course

Great Britain
This skill has an average salary of
and is mentioned in
of job ads in this area.
Great Britain
This skill has an average salary of
and is mentioned in
of job ads in this area.
Apache HTTP Server
Great Britain
This skill has an average salary of
and is mentioned in
of job ads in this area.
Server administrator
Great Britain
This skill has an average salary of
and is mentioned in
of job ads in this area.