Course Outline
Candidates for the Red Hat Certificate of Expertise in Server Hardening should be able to perform the following tasks:
- Identify Red Hat Common Vulnerabilities and Exposures (CVEs) and Red Hat Security Advisories (RHSAs) and selectively update systems based on this information
- Verify package security and validity
- Identify and employ standards-based practices for configuring file system security, create and use encrypted file systems, tune file system features, and use specific mount options to restrict access to file system volumes
- Configure default permissions for users and use special file permissions, attributes, and access control lists (ACLs) to control access to files
- Install and use intrusion detection capabilities in Red Hat Enterprise Linux to monitor critical system files
- Manage user account security and user password security
- Manage system login security using pluggable authentication modules (PAM)
- Configure console security by disabling features that allow systems to be rebooted or powered off using bootloader passwords
- Configure system-wide acceptable use notifications
- Install, configure, and manage identity management services and configure identity management clients
- Configure remote system logging services, configure system logging, and manage system log files using mechanisms such as log rotation and compression
- Configure system auditing services and review audit reports
- Use network scanning tools to identify open network service ports and configure and troubleshoot system firewalling
As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.