RH413 Red Hat Server Hardening

All,
Thinking of taking Red Hat's server hardening exam for fun next. Any recommendations on self-study materials and labs?
https://www.redhat.com/en/services/training/rh413-red-hat-server-hardening
-Daniel
Comments
This exam is very interesting, but if you can do and understand all the tasks in the comprehensive review from the official course book, you're good to go.
Also found finding the materials tough - as the exam objectives were a little vague.
Really you want to try and find out what the RH413 course contains - that would be a good base
http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx
Based on what Wolf said, focus on the RHEL 6 STIG. It's painful to go through each check since there's usually a couple hundred, but you will learn a lot.
If you want to get experience in hardening, look at the DISA STIGs, which are designed for RHEL but could be applied to Fedora and CentOS.
Also check out Bastille Linux.
BASTILLE-LINUX
"It's easier to deceive the masses than to convince the masses that they have been deceived."
-unknown
Interesting...first I've heard of this Bastille-Linux. Have you used it before Jock? If so, what do you like/dislike about it?
Sadly, you can lock yourself out of a perfectly good running version of Linux, so you have to be very careful when you implement it. However that happened to me back in 2002/2003...so the software may have changed to prevent that.
However on a positive note, it does a very good job of hardening whatever version of Linux you throw at it. You kind of have to know a little about Linux to install it.
Looks like the News and Updates isn't very active, however looks like the project is still active.
Also AppArmor from SuSE is a good source of information
You can also use SCCS from Symantec: https://www.symantec.com/products/threat-protection/data-center-security/control-compliance-suite
This is a security scanner with very good explanations for all of STIG related issues.
On RHEL7/Fedora you can use OpenSCAP - this is a great tool for system scanning.
@Brombulec - I concur, OpenSCAP is an excellent utility that I use when manually hardening systems. Currently working on getting it working in Satellite 6.
SANS has a number of Linux/UNIX hardening classes which would be another way to gain more knowledge on this subject:
https://www.sans.org/course/securing-linux-unix
Wow..that costs over $2k more than the official RHEL course.
Actually, when Red Hat shipped an already patched kernel (not kernel and patches separated) they were trying to hit Oracle, not CentOS or Scientific Linux.
I have earmarked a goal to do Puppet scripts to apply the RHEL STIGs, but I don't really have the time atm.
Looking at the requirements, it doesn't look like SELinux is heavily involved? What about AIDE? I've used some locked down systems which had a lot of these controls configured. I assume the filesystem topic gets into facl and fine grained access controls? Where have you seen systems that heavily configured?
But the facls should be one of the things on each admin's checklist. For me it's a mandatory part of server hardening.
@Daniel333, I would just keep labbing the materials. There are a lot of topics on bastion hosts (resurgence with AWS), STIGS, etc, and give the RHEL Security Guide a read through.
This probably isn't related to the course, but I assume the real reason to take a hardening course is to learn about hardening systems, so in that regard, this is related. Another tool in the same vein for hardening, audit, and compliance is a new project open-sourced by Adobe named HubbleStack. HStack has some pretty awesome features for doing audit, compliance reporting, and mitigation. It is on my short list of side projects to check out.
The RH413 course and exam would be geared towards hardening the main areas - it won't cover everything - and of course STIGs are very useful to learning how things hang together.
Amen. I highly recommend people work through some DISA STIGs (DoD systems) and/or OpenSCAP Security Guides (non-DoD systems) manually. These guides will show you a well-rounded approach to hardening your server.
I've gone through the RHEL 6 STIG manually and I learned a lot. However, I'm not prepared for the RHEL 7 STIG one yet, since it's pretty brutal and still a draft that's subject to major revision changes.
Some free EX413 study materials straight from Red Hat:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/index.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/index.html
Course description: http://h20195.www2.hp.com/v2/GetPDF.aspx/c04586449.pdf
Stay tuned
I'm looking forward to the RHEL7 version of this exam