Explore x 5.9 certificates and public key infrastructure, including trust chains and certificate transparency, and learn to generate keys, create a certificate authority, and issue certificates on Linux using OpenSSL.

Explore how X.509 certificates document public key ownership, trace their lifecycle from registration to active use, and review issuer, subject, public key fields and extensions.

Generate and manage public/private keys with openssl using rsa, encrypt the private key with a passphrase, produce 2048-bit pem-formatted private and public keys, and learn their role in certificate authorities.

Learn to create a certificate authority with OpenSSL, generate RSA keys, and sign public keys using a SHA-256 X.509 certificate, enabling secure key signing and certificate issuance.

Acquire trusted certificates with Let's Encrypt, ACME, and Certbot by proving domain ownership. Install and automate renewals on Apache servers for production sites.

Learn how cfssl speeds certificate creation, offering a modern alternative to OpenSSL. Use a JSON workflow to define subjects and generate a certificate authority.

Explore the fundamentals of public-private key cryptography and x.509 certificates within a PKI, including certificate authorities, and apply them in Linux with OpenSSL and tools like Let's Encrypt, ACME, CFSSL.

Wrap up this section by reviewing tls and ssl functionality, enabling https with Apache, serving certificate chains, enabling client authentication, and testing with OpenSSL, including content security policy stapling.

Unlocks the encrypted block disk at boot with a password to decrypt and boot into the Linux system, then authenticates as a user; examines the disk structure via dev/mapper.

Encrypt a partition with cryptsetup using luks format and access it via the mapper. Explore key slots and passphrases while performing live encryption and noting setup steps.

Learn to use cryptsetup with LUKS2 to back up and restore the disk header, manage key slots, and change or add keys on sda2.

Explore the fundamentals of DNS and DNSSEC, configure BIND on a Linux machine to run a DNS server, and review security records like CAA, DANE, and multicast DNS.

Enable dnssec on a bind server by generating a ksk and zone key with dnssec-keygen, then configure key access and inline signing before reloading bind.

Multicast DNS resolves hostnames to IP addresses on small subnets without a centralized DNS server by broadcasting queries and sharing responses among devices.

Learn to analyze and harden systemd services by running systemd-analyze security, interpret exposure scores, and disable private mounts, devices, and sensitive system calls.

Install USB Guard, generate a new policy, and configure whitelist or blacklist rules to control which USB devices connect; enable the service and allow or block devices by id.

Explore Meltdown and Spectre vulnerabilities on Linux systems, understand kernel mitigations, and evaluate when to enable or disable mitigations based on processor risk and performance.

Learn host intrusion detection with the Linux audit system to detect unauthorized file use, detect malware with Linux malware detection, verify packages, and explore open A.S.A.P. and CCP.

Install and use the Linux malware detection tool to scan for malware, download with curl, extract the tarball, and configure email or Slack alerts and cron scans.

Learn host intrusion detection using the Linux audit system, detect unauthorized file use, identify rootkits with chkrootkit and rkhunter, and verify packages as part of Linux malware detection.

Learn how ulimits prevent resource overconsumption and denial of service on Linux systems by setting limits on core dumps and processes.

Explore how seed groups (control groups) allocate resources across cpu, io, memory, net, and processes, using cpu set, memory limits, io restrictions, and device and net controls.

Explore systemd units and slices to manage resources in linux, compare system and user space, and configure cpu, memory, and i/o accounting for balanced allocations.

Configure per-process resource limits with system ctrl to allocate cpu shares and memory limits, balancing system and user space while preventing resource hogging.

Explore discretionary access control, where the resource owner sets read, write, and execute permissions, and assess its ease for trusted users against risks of overly broad access.

Master Linux file ownership and discretionary access control by understanding owner, group, and others permissions (rwx), how to view them, and how superuser changes affect access.

Learn how setuid and setgid bits cause programs to run as the owner or a group, enabling access to restricted resources. See how chmod implements these permissions.

Explore access control lists to view and assign granular file permissions using getfacl and setfacl, including user, group, and other permissions and discretionary access control on files.

Explore SELinux basics by activating Linux, using policy core utils and Linux utils, configuring permissive, enforcing, or disabled modes, and introducing role-based access control; logs at /var/log/audit/audit.log inform policy decisions.