Linux LPI Level 3 Security 國際認可證書課程

隨著企業及個人對電腦及網絡的愈來愈倚重，系統及通訊上的安全變得愈重要。對於熟悉 Linux的你，保證你所管理的 Linux 系統安全是非常重要的一項工作。雖然現在有很多安全部件，有的已經編譯到 Linux 內核中，有的已經加入到很多 Linux 發行版本中，還有的以開放源代碼應用程序的形式單獨獲得。但是不少部件是需要安裝、適當的配置以及維護才可發揮它們保障你的 Linux 系統及通訊的功能。

本課程將會從互聯網服務、檔案系統、用戶 / 程式權限、用戶管理、網絡通訊等等多方面去介紹不同的方法去保障安全。

LPI 全名是 Linux Professional Institute，是一個來自加拿大的非牟利 Linux 專業團體。由於 LPI 的考試費用較為合理，考試制度及內容亦較齊全，所以 LPI 的考試制度會比其他 Linux 考試制度更適合香港的實際環境，而我們亦預計會有越來越多人選擇考 LPI 的考試。LPI 考試不指定某一發行版本 (Distributions)，但因實習之需要，本課程將以現時最流行的 Fedora 作示範例子。

本課程將教授 Linux 關於保安上的操作及管理，能幫助你掌握相關知識上的最新技術。修畢本課程後，學員可考取 LPI Level 3 Security 國際認可證書。 本課程籌備多時，精心編排。由上堂、溫習、實習、做試題、考試研習至最後考試，均為你度身訂造，作出有系統的編排。務求真正教識你，又令你考試及格。

1. Public Key Infrasturcture and Certificate
1.1 Encryption Overview
1.1.1 Symmetric Encryption
1.1.2 Asymmetric Encryption
1.1.3 Hybrid Encryption
1.2 Public Key Infrastructure Overview
1.3 About OpenSSL
1.4 Issuing a Self-Signed Certificate
1.5 Setting Up Root CA and Subordinate CA
1.6 Issuing Certificates with CRL / OCSP
1.6.1 About Certificate Revocation List (CRL)
1.6.2 About Online Certificate Status Protocol (OCSP)
1.6.3 Configuring CRL / OCSP Information and Revoking Certificate
1.7 Verifying and Testing Certifcate
1.8 Issuing and Using Client / User Certificates
1.9 Encrypting / Hashing using OpenSSL command
1.9.1 Encrypting / Decrpting with Symmetric Encryption:
1.9.2 Encrypting / Decrypting with Asymmetric Encryption Alone
1.9.3 Encrypting / Decrypting using Asymmetric Key via Symmetric Encryption
1.9.4 Hashing
1.10 Configuring Cetficates in Apache Web Server

2. DNS and Cryptography
2.1 DNSSEC
2.1.1 DNSSEC Overview
2.1.2 Enabling DNSSEC and Manually Configure DSNSEC Zone
2.1.3 Manually Maintaining DNSSEC Zone
2.1.4 Automatic Signing and Maintaining DNSSEC Zone
2.1.5 Networking Issues when Using DNSSEC
2.1.6 About DNSSEC Look-aside Validation (DLV)
2.2 DNS-based Authentication of Named Entities (DANE)
2.3 TSIG Overview

3. Packet Filtering
3.1 Firewall Overiew
3.2 netfilter and iptables
3.2.1 Basic Overview
3.2.2 Basic Rule for Filtering
3.2.3 Connection Tracking
3.2.4 Rules for Loopback and ICMP
3.2.5 NAT and Port Forwarding
3.2.6 iptables modules
3.3 Examples of ip6tables
3.4 ebtables
3.4.1 Configuring Linux As Bridge Device
3.4.2 Configuring Chains for Linux Bridge
3.4.3 Simple Illustration of ebtables Rules
3.4.4 Saving and Restoring ebtables Rules
3.5 nftables and nft
3.6 Configuring netfilter / iptables through FirewallD
3.6.1 Zones
3.6.2 Services
3.6.3 Chains and Rules Created by FirewallD
3.6.4 Configuring Zones and Direct Rules

4. Other Networking Security
4.1 OpenVPN
4.1.1 Configuring Office / Home Setup
4.1.2 Configuring Server / Client Setup
4.2 IPsec-Tools / racoon
4.3 FreeRadius
4.4 NFS
4.5 Samba

5. File System Access Control and Encryption
5.1 POSIX ACL
5.2 Extended Attributes
5.2.1 Copying Files with EAs Locally
5.2.2 Copying Files with EAs to Remote Location
5.2.3 Archiving Files with EAs
5.3 Security-Enhanced Linux (SELinux)
5.3.1 Basic Working of SELinux
5.3.2 Configuring SELinux Boolean
5.3.3 Configuring SELinux Context on Target File
5.3.4 Configuring SELinux Policy
5.4 Encrypted File System
5.4.1 dm-crypt
5.4.2 eCryptfs

6. System Securing, Monitoring and Intrusion Detection
6.1 Securing Linux System.
6.1.1 Disable Unused Services and Software
6.1.2 Drop unneed capabilites
6.1.3 Limit Resource Usage
6.1.4 Using chroot
6.1.5 sysctl
6.1.6 BIOS and Boot Loader Security
6.2 Monitoring
6.2.1 netstat / ss
6.2.2 nmap
6.2.3 Monitoring Traffic Rate
6.2.4 OpenVAS
6.2.5 Using Sniffers
6.3 Intrusion Detection
6.3.1 chrootkit
6.3.2 rkhunter
6.3.3 maldet
6.3.4 aide
6.3.5 auditd
6.3.6 snort

7. User Management and FreeIPA
7.1 About NSS
7.2 About PAM
7.2.1 Cofiguring Password Complexity
7.2.2 Cofiguring Password Expiry
7.2.3 Mangaing Failed User Login
7.3 About SSSD
7.4 About Kerberos
7.5 FreeIPA
7.5.1 Installing FreeIPA Server
7.5.2 Installing FreeIPA Client
7.5.3 Configuring Users
7.5.4 Configuring NFS Service