Red Hat Certified Specialist in Security (Exam EX415) Prep Course
Security Training Architect I in Content
The performance-based Red Hat Certified Specialist in Security exam (EX415) tests your ability to perform a number of systems administration tasks focused on securing servers. This includes the use of firewalls, USB device restriction, encryption, auditing, compliance, automation, and more.
Interactive Diagram Link: https://www.lucidchart.com/documents/view/4df839b0-86ea-4473-9241-551b5d0f06f1/0
About the Author
In this video, you'll meet Bob Salmans, the security training architect for this course.
About the Course
In this video, we'll discuss what this course is all about. We'll review each of the main topics covered in the course and discuss the practice exam we've created to help you pass the Red Hat EX415 certification exam.
In this video, we'll review the helpful features included in this and every other Linux Academy course: flash cards, community, the course scheduler tool, and much more. This video will help you get the most out of the course.
Security Auditing and Automation
Introduction to System Auditing
In this video, we will be introduced to auditd, the system auditing service. We will discuss use cases for auditing, where auditd writes its logs, and how it decides what to log. We will begin to learn the process of creating audit rules using auditctl.
Defining Audit Rules and Creating Audit Reports
In this video, we will look at configuring persistent audit rules and using pre-configured rules to meet security compliance. Then we'll see how to use the aureport utility to create audit reports.
All About OpenSCAP
In this video, we will see what OpenSCAP is and what it can do for us. OpenSCAP is a very useful tool when it comes to auditing our systems for compliance and can be very helpful in automating compliance remediation. We'll look at how to install OpenSCAP and scap-workbench, how to scan local and remote hosts with OpenSCAP, creating custom policies, and creating remediation scripts for Ansible. OpenSCAP is a great tool to help us monitor our environments for compliance and to help us in the automation of remediation.
OSCAP with Red Hat Satellite and Insights
In this video, we'll take a look at how to create and edit policies within the OSCAP section of Red Hat Satellite. We'll then dive into Red Hat Insights and look at how we can review information about our hosts and download Ansible remediation scripts from within Insights.
Connecting to a Linux Lab Server with VNC
In this video, I'll demonstrate how to connect to a Linux lab server using VNC.
Introduction to Ansible and Its Parts
In this video, we'll be reviewing what Ansible is used for and the different parts of Ansible. For example, we'll be looking at the inventory file, modules, playbooks, and configuration files.
Installing Ansible and Managing SSH Keys
In this video, we'll be installing and configuring Ansible. We'll cover setting up an Ansible user account, creating SSH keys, sharing those keys, and working with sudo. Then, we'll find out how to run ad-hoc Ansible commands, and create and run playbooks. Lastly, we'll discuss using Ansible to automate remediation of security issues.
AIDE (Advanced Intrusion Detection Environment)
Installing and Configuring AIDE
In this video, we'll discuss what AIDE is, how it works, and what it can do for us. We'll review how to install and configure AIDE as well as test AIDE's functionality.
Tuning AIDE Functionality
In this video, we'll learn how to create rules for AIDE. We'll review the default rules, create rule groups, and define objects to monitor with AIDE.
In this video, we'll take a look at some common scenarios you might encounter, a common error you may see, and two instances in which you might create rules when working with AIDE.
Managing SSH Access
In this video, we'll cover how to manage SSH access to a host. This includes using keywords such as AllowUsers and AllowGroups. We'll edit the /etc/ssh/sshd_config file to manage which users can SSH into a host, as well as where they can SSH from.
Working with SSH Keys and Settings
In this video, we'll start working with SSH keys and then move into some additional settings that can be used to increase the security of SSH. We'll generate SSH keys and share them with another node and then test using SSH with the newly shared keys.
USB Device Restrictions
Installing and Configuring USBGuard
In this video, we'll cover what USBGuard is and how we can use it to control which USB devices our hosts can communicate with. As we know, rogue USB devices are a threat to our environments through such means as "USB Dropper Attacks". USBGuard provides us a way to control USB device access and eliminate the threat of rogue USB devices.
USBGuard Policies and Settings
In this video, we continue working with USBGuard and begin writing rules. We'll look at how we create rules and import them into the USBGuard config file. We'll also review the different options available to us when creating rules for USBGuard.
Pluggable Authentication Modules (PAM) Policies
Introduction to PAM
In this video, we'll learn about PAM (Pluggable Authentication Modules) and what we can use PAM to accomplish. We'll review the PAM config files, locate the PAM documents, and learn how to install PAM.
Creating Account Lockout Policies
In this video, we'll take a look at how to use PAM to create account lockout policies. We'll define a policy, put it into effect, and then test the policy for functionality. We'll see how to identify failed logins for users and how to reset those failed logins.
Creating Password Policies
In this video, we'll take a look at how to use PAM to create password policies, more specifically, password complexity policies. We'll review the available options to define acceptable passwords and then create a password history policy to prevent password reuse.
Controlling sudo Access
In this video, we'll take a look at how to control sudo access on a host. We'll discuss the default settings in the sudoers file and how to add users and groups to the file. We'll also discuss how to use sudo in a granular manner and how to disable the requirement for a password when using sudo.
Locking Down sudo
In this video, we'll discuss how to make sudo more secure. sudo itself isn't inherently dangerous, but it can be used in a more secure manner. We'll look at three ways to increase the security of sudo, including changing default settings, password cache timeouts, and using granular sudo permissions.
Linux Unified Key Setup (LUKS)
Linux Storage Review
In this video, we will review storage on Linux hosts. We'll review the storage layout, volume groups, and logical volumes. We'll also take a look at some commands that are helpful when dealing with storage.
Introduction to LUKS
In this video, we'll be covering the topic of storage encryption using Linux Unified Key Setup (LUKS). We'll discuss the idea of encrypted data at rest versus decrypted data that the operating system can use. Lastly, we'll take a look at how to install the required LUKS package.
The LUKS Encryption Process
In this video, we'll walk through the process used to encrypt a volume using LUKS. Then, we'll format the volume and mount it so the operating system can use the volume.
Mounting LUKS Volumes at Boot
In this video, we'll learn how to set up a LUKS encrypted volume to open and mount at boot time. This includes editing the /etc/crypttab and /etc/fstab files to make this happen. We also discuss a drawback to configuring a LUKS volume to open and mount at boot.
LUKS Volume Management
In this video, we'll review tasks used when managing LUKS volumes. This includes opening and closing LUKS volumes, changing a LUKS passphrase, and performing backups of the LUKS headers.
LUKS Scenarios and Review
In this video, we will go through a couple of scenarios you are likely to encounter when working with LUKS. We'll walk through each scenario and discuss the processes involved in completing the objectives in each scenario.
Network-Bound Disk Encryption (NBDE)
Introduction to NBDE
In this video, we'll review what Network-Bound Disk Encryption (NBDE) is and how it works. We'll review the benefit it provides us while automating the opening process of LUKS encrypted storage. We'll also discuss the layout of the NBDE architecture and what packages need to be installed.
Configuring NBDE Servers
In this video, we walk through the process of setting up the server side of the NBDE solution. This includes installing the Tang package and validating that the Tang service creates keys and starts properly.
Configuring NBDE Clients
In this video, we'll walk through the process of setting up the client side of the NBDE solution. This includes installing multiple Clevis packages, binding a Tang key to our LUKS encrypted storage, and configuring the decryption process to happen at boot.
NBDE Key Management
In this video, we'll discuss NBDE key management. It's a best practice to periodically update your NBDE keys. This includes creating new keys and re-binding LUKS encrypted storage to the new keys.
Introduction to SELinux
In this video, we'll learn what SELinux is and what it is not. We'll also discuss what role it plays in security. Lastly, we'll learn how to set the SELinux state of protection.
Policies and Labels
In this video, we'll learn all about policies and labels. We'll cover the three policy states of SELinux. Then, we'll discuss what labels are and how SELinux uses them.
Type Enforcement and Managing Labels
In this video, we'll discuss type enforcement and what that means. We'll review how SELinux uses types and labels to control communications between objects. Lastly, we'll cover how to manage types and change them when needed.
In this video, we'll discuss booleans, what they are, and how they are used. We'll also discuss some scenarios to help you better understand how we use booleans.
In this video, we'll discuss how to troubleshoot SELinux. Many times, SELinux is disabled simply because admins are not sure how to deal with errors. We will ensure that you are not one of those admins. We'll look at installing two packages that help us to troubleshoot SELinux and see just how easy it is to fix problems within SELinux.
Confined Users, Booleans, and sudo
In this video, we'll discuss what confined users are within SELinux and what role they play in security. Then, we'll revisit our old friend, the boolean. We'll use booleans to impose rules onto Linux users. Lastly, we'll take a look at how SELinux restricts sudo access for users and what we can do to remedy this.
Confined Users Review
In this video, we'll review what confined users are and how we work with them. This includes searching through booleans for specific rules and setting them.
In this video, we walk through a scenario which you may run across in day-to-day Linux management. We see first-hand how SELinux can cause issues and we walk through how to troubleshoot those issues to resolve them.
How to Prepare for the Exam
In this video, we'll talk about how to prepare for the Red Hat EX415 exam, as well as go over how to register for and schedule the exam. Lastly, we'll talk about how to share your success with the Linux Academy community!
Here at Linux Academy, we want to celebrate your success with you. Let us know when you pass a certification, complete a course, or have any other big wins so we can recognize your achievements!
What's Next After Certification
Now that you've completed the course and hopefully taken and passed your certification, what would you like to do next? In this video, we make some suggestions that may help you decide.