
This video provides an overview of the entire course.
Using Nmap in order to scan your website for server information.
Discover vulnerabilities on your server
Find information on your server
Here we are able to test and diagnose our code on our website in order to determine if our code has any vulnerability errors.
Scan code
This video will show you how to find other sites on your server.
Scan server for other sites and apps
In this video, we will learn what a DDoS attack is, how to carry one out, and what happens to the server if a DDoS attack happens.
Carry out a DDoS attack
In this video, we will discuss the importance of updating our server, and server packages.
Secure your server with proper updates
In this video, we will talk about the different types of passwords that are commonly used amongst system administrators, as well as passwords that are common amongst non-geek users.
Explore weak passwords versus secured passwords
Discover the importance of updating your passwords. How often should you update your password.
Update passwords
In this video, we are going to be working on creating and deleting user accounts. This will come in handy if you have people come on board, or leave your company. You can add them to the server, or remove them.
Add new users to your server
Remove old users from your server
In this video, we will dive into a basic operations of monitoring our server. With a terminal based software package, we are able to monitor the traffic going in and out of our server.
Use HTOP to monitor traffic on our server
In this video, we will discuss two methods we can use in order to back up our server data. By backing up your server data, you are staying ahead of the game if in the event in which your server does go down, you have a backup stored so you can restore your server back to last known working configurations.
Backup physical server
Backup virtual server
In this video, we will discover and remove any old packages we are not using in order to free up space on our server, and at the same time increase our server’s response time.
Find packages installed on our server
Remove unused/unwanted packages on our server
It is extremely important to stay updated with the latest version of Linux. However, there are a few instances where updating the O.S. will crash your services running. Updating O.S. versions allows you to keep your server updated with latest security patches and updates.
Update Linux Server Operating System
In this video, we are going to learn how to see any hardware issues you may have amongst your server. By knowing what hardware issue(s) you have, you can fix those issues and get your server back up to speed and performance you desire.
Search for hardware error logs
While using HTOP is a great method for monitoring traffic, we can use a more advanced GUI based server monitoring software known as Zabbix.
Install and configure Zabbix
In this video, we will learn how to use an online MX record in order to monitor traffic going towards our site and detour DDoS attack to another point. Cloudflare is a widely used and highly trusted MX record service to allow our domain to travel through there and send real requests to our sites.
Use Cloudflare for MX records
When you are dealing with personal information, visitors like to see SSL Records on top URL bar. This SSL is what provides us with HTTPS telling our viewers that our site is secured. Let’s Encrypt is a free SSL record provider that we can use to provide HTTPS pings for our website.
Install let’s Encrypt
Configure let’s Encrypt
Test our SSL record
In this video, we are going to be installing a firewall rules application that will act as a software-based firewall to help enhance and protect our server.
Install Fail2ban
Configure firewall rules
We typically log into our server using passwords. Now, we are going to explore ways that we can use in order to log into our server using a special key. This by passes the usage of having to constantly use a password, and remove possibilities of having our site brute forced.
Create SSH keys on our computer
Insert SSK keys on server
Connect to server with SSH keys
When you have multiple users on your server, and everyone is making alterations, something is bound to mess up. And using listing edits, we can see who did what edit and at what time. This is helpful to track down the issue with the server and fix the server.
Use terminal to determine who made what edit and when
We will discover how to increase our passwords strength using various techniques.
Use L337 in order to secure our passwords
If you have several failed attempts of logging into your server, we can view those logs as well as remove them. This will free up space on our server, as well as increase our server speed.
Discover authentication fails
Remove authentication fails
By removing passwords, after you have setup SSK keys, we are limiting the ability of our server being exposed to brute force attacks.
Remove login passwords
Now, we can setup different computers that we can use in order to allow these specified computers to connect to our server. This helps out with security as we are telling the server which computers we want to connect to our server.
Use remote computers to connect to the server
In this video, we are going to be looking at some of the cool password management tools in order to store our passwords for us.
Install password management tools
We have antivirus software installed on our computers. So why not have an antivirus program running on our server. With ClamAV, we are able to have a secured running antivirus software on our server at all times.
Install ClamAV
Configure ClamAV
In this video, we will discover techniques we can use in order to secure our server’s memory in order to increase response time, and remove unwanted services brought on by other sites and apps running on the same server.
Secure memory
A carefully created security banner will be acting as the servers warning. When you log in you will be presented with a security banner indicating that the traffic is heavily monitored and unwanted visitors should be aware that they are being tracked.
Cultivate a security banner
We are able to prevent IP spoofing in a very easy method. By removing the option to allow IP spoofing, we are limiting the resources to hackers by providing a false IP for other users.
Remove IP spoofing
This video gives an overview of the entire course.
In this video we will learn about the basics of security.
In this video we will be conducting integrity checks of the installation medium using checksum.
Change the directory to the folder containing the downloaded ISO file
Type md5sum command
Compare the hash calculated
In this video we will learn to use the sudo command, to provide trusted users administrative access to the system without sharing the password.
Create a normal account and then give it sudo access
Use the sudo command from the new account
Execute the administrative commands
Nmap is one of the most popular tools included in Linux that can be used to scan a network. We will use them in this video.
Find all online hosts within a given IP range
Optimize the process in order to scan the range faster
Discover services that are online
The ls command is used to list files in a directory, and it is similar to the dir command in DOS. In this vide we will look how this command can be used with various parameters to give different results.
Take a look at the simple listing of files in a current directory
Check out details of files
Print the file size in readable form
Change Mode or chmod is a Linux command that is used to modify the access permissions of files and directories. In this video we will look at an example of chmod.
Change a single permission for users
Separate different permissions using a comma
Add or remove a permission for all the users
In addition to providing permissions for the owner and group of a particular file, we can set permissions for any user, user group, or group of all the users who are not in a group of a particular user using ACLs.
Create three users and give them names
Create a group with any name
Check the permissions in the accounts directory
In this video we will see how mv or move command is used when we wish to move files from one directory to another.
Move the testfile1.txt file from the current directory to any other directory
Move multiple files using a single command
Rename files and directories
One of the major aspects of user authentication is monitoring the users of the system. There are various ways to keep track of all the successful and failed login attempts made by a user in Linux and we will look at them in this video.
Check incorrect login attempts for a particular user
Use dmesg command, to see the log using the terminal
View 10 most recent logs in a particular log file
Major role of a system administrator is to configure and manage users and groups on a Linux system. In this video we will limit the login capabilities of all users.
Change login shell of the account to a special value
Log in to sslh user as root
Check details in the file again for the user1 account
Acct is an open source application which helps monitor user activity on a Linux system. In this video we will use this acct application to monitor user activity.
Run script to configure the package
Run the command make
Install the package on Linux system
Defining user authorization on a computer mainly deals with deciding the activities that a user may or may not be allowed to do. In this video, we will go through various controls which can be applied on user accounts.
Edit the sudoers file
Run the ps command from user2 as user1
Log in from user1 and try to change the passwords of the user2 and user3 accounts
SSH, or Secure Shell, is a protocol which is used to log on to remote systems securely and is the most commonly used method for accessing remote Linux systems. We will now see how to use SSH.
Install software to use SSH
Log in from the client system to the server system
Configure SSH to it as per requirements
In this video we will learn to disable or enable the root login for SSH as per our requirements to prevent the chances of an attacker getting access to the system.
Disable SSH root login
Enable it again
Even though SSH login is protected by using passwords for the user account, we will make it more secure by using key-based authentication into SSH in this video.
Create a pair of keys— a private key and a public key
Copy the public key file to the remote SSH server
Log in to the server again
When computers are connected to each other to form a network and exchange information and resources with each other, managing this network information becomes an important task for a system administrator.
Check current IP address
Check the available Ethernet devices on the system
Disable Network Manager and then set the details of the IP address
One of the essential steps required to secure a Linux system is to set up a good firewall. In this video we ill configure a firewall using Iptables.
Check whether any rule already exists on the system
Check which of the modules of Iptables are loaded
Make sure that any other packet that enters the INPUT chain should be blocked.
IP spoofing is a very common technique used by attackers to send malicious packets to a computer server. In this video we will block such spoofed addresses.
Create a basic ruleset of iptables
Restrict all incoming packets
One of the most important tasks for a Linux system administrator is to control access to network services. At times, it may be better to block all incoming traffic on the server and only allow the required services to connect so we will look at it in this video.
Allow access to localhost data
Accept all traffic-related to outbound connections
Add rule to accept ping requests/responses (Echo ICMP) to keep our system's connections alive
sXid is the tool for monitoring SUID/SGID on a regular basis. Using this tool, we can track changes in the SUID/SGID of files and folders.
Install the sXid package
Change value for EMAIL to any other email ID
Define list of directories
As a system administrator, one major concern is to protect the system from network intrusions.
This is where PortSentry comes into the picture. It has the ability to detect scans on a host system and react to those scans in the way we choose.
Install the Portsentry package
Verify TCPand UDP ports
Configure portsentry by editing the portsentry.conf file
SSL is a protocol used for transmitting sensitive information over the Internet. OpenSSL library provides an implementation of Secure Sockets Layer (SSL) and TLS Transport Layer Security (TLS) protocols.
Install OpenSSL package on the first system
Enable SSL support
Create a self-signed certificate using OpenSSL
Tripwire is a host-based Intrusion Detection System (IDS), which can be used to monitor different filesystem data points and then alert us if any file gets modified or changed.
Install Tripwire package
Initialize Tripwire database
Run the Tripwire interactive command to test it
Kali is a Debian-based Linux distribution developed for the purpose of security testing. With hundreds of penetration testing tools preinstalled, Kali is a ready to use OS. In this video we will install kali linux
Learn the installation procedure
While performing computer forensics, it is important that the software being used is able to ensure the integrity of file structures. DEFT is designed for forensics and is based on Lubuntu, which is itself based on Ubuntu.
Understand the different tools available in DEFT
Shellshock, or Bashdoor, is a vulnerability that's used in most versions of the Linux and Unix operating systems. In this video, we will take a look at how to set up our system to understand the internal details of the Shellshock vulnerability.
Check the version of bash on the Linux system
Check whether the vulnerability actually exists or not
Define a function and export it in order to make it available in the child shell
Whenever a security vulnerability is found in any software, a security patch is released for the software so that the bug can be fixed. For such situations. We will be creating a sample program in C to understand the process of creating a patch file.
Create a patch for a program using the diff command
Apply the patch using the patch command
Logcheck is a good tool to help administrators analyze and scan log files. In this video, we will use the logcheck function to view and manage the log files.
Install the Logcheck package and edit its configuration
Change the format of the date/time stamp for
Define the logs to be monitored
For any network that is either big or small, network monitoring and security is a very essential Task. In this video, we will take a look at how to use Nmap to perform different types of scans.
Perform a simple scan using Nmap
Scan more than one system
Scan target system
For an administrator, system monitoring is also about monitoring the performance of the system by checking the processes and services running on it. Glances can highlight programs that use the maximum amount of system resources. We will now learn to use it in this video.
Modify the threshold value for the color codes
Modify the refresh time interval
Enable the client/server mode of Glances
While working on Linux, the most commonly used command is ls, which gives a listing of the files in the directory we specified. However, it shows only a little information about the files. Instead, if we use the stat command, we can get more information about the files/ directories when compared to using ls.
Use ls – l command to perform a long-listing of the file
Use the stat command to check the details of the directories
Use the -f option with the stat command
When running any command or program on our Linux machine, you might wonder what the background working of it is. For this, we have a very useful tool in Linux called strace. In this video, let's see how strace can be used in various ways to trace the execution of any program from start to end.
Use the –c option to have a statistical summary of the strace command
Use –e option to show only a specific call
Use the –o option to save the output of the strace command in a file
Monitoring log files on Linux manually is a very tedious task. To make it easy, we can use auditing tools on our Linux system. Lynis is easy to use and we can get a security report in a faster duration of time. This is helpful when scanning Linux systems for vulnerabilities and malwares.
Scan the complete system
Find all the lines in the report that contain the word Warning
Find all the lists of all the Suggestion given by Lynis
This video gives an overview of the entire course.
Most people have no idea how hackers actually gain access to a server. This section teaches how. So “Know thy enemy”. Understanding your enemy means learning how to protect against them. Additionally we will use what we learn here for the last section. Port Scanning in the first step when attacking.
The attack’s problem: what can he actually attack
Port Scanning shows which services are available to attack
Even software versions can be identified, and it is very easy
By Port Scanning an attacker knows what applications are running on a server. So now an attacker tries to gain access to the server by missing security patches or misconfigurations in an application.
Vulnerability scanners can help to show vulnerable services
Setup of OpenVAS
Vulnerabilities found on a test server by OpenVAS
Also passwords are a common way an attacker gains access to a system. Weak passwords on accounts or application default accounts can be identified automated and easily.
How do hackers find weak accounts and what services can be used to guess passwords
Using a tool to guess passwords via SSH
The tool hydra finds weak passwords via SSH
Alternatively instead of attacking a server directly, if an attacker can compromise an administrator he can steal SSH keys and keylog his passwords to gain access to the servers.
If a server or network is too secure, it might be easier for a hacker to try to comprise the administrator
Compromising the administrator can be done by sending malware by email or to bait an admin to click on a malware link
Hacker send dedicated handcrafted phishing email
Now that the three most common ways have been shown how hackers obtain unauthorized access to servers, the viewer should use this information to assess his own situation. This is called attack surface analysis.
Introducing the security process: assessment, diagnosis, planning, implementation, evaluation
By using a port scanner and a vulnerability the attack surface of the server is assessed
Open ports are categorized in groups and protections are planned
The no.1 reason why systems are hacked are missing security updates. Configuring automated installation of security updates is an essential step to cope with this risk.
Installing updates automated is critical for the system security
What are the required Linux packages per Linux distribution
How to properly configure the automated update process
Weak passwords are the no.2 reason why systems are broken into. Only allowing strong passwords helps to protect against that. A good alternative is the usage of SSH keys.
Installing the module for strong password requirements
How to configure strong password requirements for all Linux distributions
Alternatively: what are SSH keys and how to use them
Often servers are hacked because attacker could access services that should not have been reachable for them. Firewalling protects against this.
Analyze which service must be reachable over the network by whom
Install the firewall scripting module of the Linux distribution
Configure the firewall rules with the firewall script
The kernel is the heart of the Linux operating system and provides a lot of features that are good and bad for security, so it has to be configured well.
Choose if you want to configure and compile your own kernel
Configure the kernel dynamically against exploitation
Configure the kernel dynamically against network denial-of-service attacks
Network services can be started because the operating system thinks they are necessary – but are not. This makes a system unnecessary vulnerable.
Identify which network services are running and if they are necessary
Disable unnecessary services
Alternatively reconfigure the services so they are not reachable over the Internet
Every network service that is communicating with the Internet has to be hardened against attacks.
Search the web for hardening guidelines for each service
Check if how each service is started is hardened
Configure the service feature securely
Postfix is the best mail service as it very secure and very flexible. Still there are a lot of configuration options necessary to properly secure it.
Search the web for hardening options for Postfix
Ensure it is not running as root, and that it is chrooted
Secure the Postfix features and enable SSL
Apache is the most used web service. There are a lot of configuration options available to provide a good security.
Search the web for hardening options for Apache
Ensure it is not running as root
Secure Apache features and enable SSL
Booting up Linux can be modified by local attacker to gain root access to the system. Grub allows changing the boot options if no authentication is configured, which is the default.
Choose a secure password for authentication for grub
Edit the grub custom config file with the password hash and write a new config
Set Linux kernel dynamic hardening settings in /etc/sysctl.conf
SUID/SGID permission programs are an important mechanism for UNIX/Linux to example allow a user to change his password. However if a security is present in only one of these programs then the system can be compromised.
Identify which SUID/SGID programs are present on the system
Change permissions on those programs which are a risk
Setup a boot script which always performs these permission changes to prevent updates reverting the change
Permissions are the heart of local system security of every operating system. If an attacker can read a sensitive file or write to a config or program, the system might be compromised.
Understand the different permissions, read/write/execute, and special permissions SUID/SGID/sticky
Identify dangerous permissions, especially everyone writeable files and directories
Correct permissions that are at risk, best with a boot-up script
Using telnet, FTP and old SNMP is a high risk, as an attacker can capture login data on the network. It is better to use SSH which fully secures the session.
Do not use insecure protocols for administration like Telnet
Configure SSH securely
Use solely SSH for remote access, even tunnel web management through it
All log messages should be sent to a central and especially secured loghost. For monitoring, SNMPv3 can be used securely to gather system information.
Setting up syslog on the servers and the loghost
Configuring SNMPv3 securely
Think about deploying a full monitoring solution like Nagios
Data needs to be backed up in case of system failure or intrusion. Data can be synced, archived or saved with a full-blown backup software.
For syncing rsync should be used via SSH
tar and scp can be used to perform regular automated archiving
For incremental backups, use a full blown backup software
Two software packages can make your systems more secure: fail2ban and sudo. Fail2ban temporarily blocks attacking hosts with firewall rules, sudo allows fine-grained administrative access for non-admins.
Configure fail2ban to effectively discourage hackers
Configure sudo to allow non-admin users to example restart a service
Automation is the key to be a successful administrator. We want to daily port scan our servers and get informed if anything changes.
Install the packages and download an automation script
Run the installation for the automation script
Edit the configuration file
A regular vulnerability assessment scan is essential to ensure the systems are still secure. This video shows how to configure a week scan and email report with OpenVAS.
Ensure your setup is working and configure a daily update script
Configure an email alert and a weekly scheduler
Create a scan task that uses the scheduler and email alert
This was a long and complex training. What did we cover and what should be remembered as key elements.
Remember to run automatic updates, strong authentication and firewalling
Use service hardening and kernel sysctl tuning for optimal security
Good follow up training topics are ethical hacking and Docker
Do you worry about hackers hacking into your system running locally or remotely? Then this course is the one you're looking for! You'll learn how to secure your system from such attacks. Due to the lack of information about security-related attacks, administrators now face issues in dealing with these attackers as quickly as possible. Linux is the first choice for an attacker and more administrators have started moving to the system to create networks or servers for any task.
This comprehensive 3-in-1 course is an easy-to-follow guide with a step-by-step approach to various problems covering various Linux security administration tasks. You’ll start with discovering some of the tools hackers use to attack your server, such as NMAP, Reverse IP, and DDoS Attacks. Secure your Linux Server with firewalls and SSL encryptions. Also, learn how to prevent server exploits such as DDoS Protection, hardening login security protocols, and more! Towards the end, you’ll become a better Linux Admin by sharpening your Linux Security skills!
By the end of the course, you’ll not only secure your Linux server with the help of efficient tools and techniques but also protect networks from attacks by thinking like a hacker!
Contents and Overview
This training program includes 3 complete courses, carefully chosen to give you the most comprehensive training possible.
The first course, Linux Server Security, covers securing your Linux server with the help of efficient tools and techniques. You will start by discovering techniques that professional hackers use in order to scan a website and a server, in order to carry out their intrusion attacks. Next, you'll learn to create secure accounts where we'll look into deleting and creating user accounts password and monitoring servers. Further, you'll learn to maintain your Linux Server in order to get optimized performance and stability. Moving ahead, you'll focus on tools that can be used to enhance server security, understand the art of hardening passwords, and fix authentication failures. By the end of the course, you'll be confident enough to take control of your Linux servers and use hands-on techniques to protect your server from internet attacks.
The second course, Practical Linux Security Solutions, covers creating and administering a secured Linux system in your work environment. This course will help you understand the various vulnerabilities faced by the system and help you to overcome them. Whether you are new to Linux administration or experienced, it provides you with the skills to work with various security tools, thereby making your systems more secure. By the end of the course, you'll have mastered the art of preventing your Linux system from getting compromised.
The third course, Mastering Linux Security, covers protecting networks from attacks by thinking like a hacker! In this course, you'll learn to secure workstations and servers against unauthorized persons. You’ll start with the three critical fundamentals that must be dealt with first: updates, passwords, and firewalls. You’ll then get an overview of what it actually means to secure a system, what an attack surface is, how hackers perform attacks and how to successfully protect against them. You’ll learn to secure a Linux machine, by securely configuring and running services, performing logging, secure backups, and more. The course will show you how to secure your system locally or remotely. Finally, you’ll be shown how to verify your set up. By the end of the course, you'll have mastered security on Linux systems.
By the end of the course, you’ll be one step ahead of hackers by discovering and patching your network vulnerabilities as well as performing professional-level web penetration testing!
About the Authors
Aubrey Love II has been designing and developing websites for over 10+ years. He started off with a Commodore Vic20, on which he designed his first Hello World app at the age of 7. After attending several colleges and universities, he moved on and started his own website firm, in which he caters to all types of company, from startup ventures to Fortune 500 organizations.
Tajinder Kalsi has more than 9 years of working experience in the field of IT. He has conducted seminars all across India, on topics such as information security and Android application development at more than 120 colleges, teaching more than 10,000 students. Apart from training, he has also worked on VAPT projects for various clients. When talking about certifications, Tajinder is an ISO 2700 LA and also IBM certified analyst. Prior to this course, Tajinder authored Practical Linux Security Cookbook, published by Packt Publishing. He has also authored three video courses with Packt: Getting Started with Pentesting, Finding and Exploiting Hidden Vulnerabilities, and Pentesting Web Applications.
Marc “van Hauser” Heuse started to be interested in IT security in 1993. He founded one of the world's oldest security research communities—The Hacker's Choice (www. thc. org)—and is the author of several well-known security tools such as hydra, amap, thc-ipv6, THC-SCAN, SuSE firewall, and many others. From 1998 to 2007 he worked for SuSE, hardened the Linux distribution, and built-up the security team. Today he is an independent consultant and security researcher. Just for fun, he records training courses on how to secure Linux servers.