LPI Linux Certification/Security Tasks
Candidates should be able to install and configure a secure authentication system, perform basic security auditing of source code, receive security alerts from various sources, audit servers for open email relays and anonymous FTP servers, install, configure and run intrusion detection systems and apply security patches and bugfixes.
- Key knowledge area(s):
- Basic KERBEROS 5 configuration files, tools and utilities to ensure secure logins to a server
- Tools and utilities to scan and test ports on a server
- Locations and organisations that report security alerts as Bugtraq, CERT, CIAC or other sources
- Tools and utilities to implement an intrusion detection system (IDS)
- The following is a partial list of the used files, terms and utilities:
Description: The candidate should be able to install and configure kerberos and perform basic security auditing of source code. This objective includes arranging to receive security alerts from Bugtraq, CERT, CIAC or other sources, being able to test for open mail relays and anonymous FTP servers, installing and configuring an intrusion detection system such as snort or Tripwire. Candidates should also be able to update the IDS configuration as new vulnerabilities are discovered and apply security patches and bugfixes.
Key files, terms, and utilities include:
Tripwire nessus netsaint snort telnet nmap
Reference: Red Hat Enterprise Linux 4: Reference Guide - Chapter 19. Kerberos (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/ch-kerberos.html)
1. Installing Server
2. Installing Client
3. Basic Configuration (e.g. krb5.conf ..)
Use atelnet client to test/debug your servers This implies you know a little about the protocol used : read the corresponding RFCs Check security mailing lists such as Bugtraq, CERT, et al. regularly Patch your systems ASAP !
Run a security scanner on your system regularly Network security scanners Nessus and Netsaint are widely used, highly considered and open-source Bastille Linux is a great host-based security scanner Use some Intrusion Detection Systems (IDS), both network- and hosts-based Tripwire Snort
Don't forget : security is a never-ending process, not a state or a product !