RH415
Red Hat Security: Linux in Physical, Virtual and Cloud (RH415)
Is based on Red Hat Enterprise Linux 7.5, will replace the existing RH413 course based on RHEL 6, which will be retired.
Learn skills needed to reduce security risk and to implement, manage, and remediate compliance and security issues with Red Hat Enterprise Linux servers in an efficient and scalable way.
Introduction
Thanks to its roots in UNIX, security has long been a strength of Linux and a valued feature for Red Hat customers. Red Hat Training and Certification is pleased to announce the release of a new course and accompanying exam Red Hat Security: Linux in Physical, Virtual and Cloud (RH415). This course addresses security challenges across architectures and features SELinux, OpenSCAP, and automation. This new course also integrates security automation and monitoring practices that are part of the official Red Hat security story. Red Hat Insights, Red Hat Satellite, and Ansible are now major tools used to best implement security management and monitoring at scale.
This new course, based on Red Hat Enterprise Linux 7.5, is designed specifically for senior system administrators, IT Security Administrators, IT Security Engineers, and other professionals responsible for designing, implementing, maintaining, and managing the security of Red Hat Enterprise Linux systems and ensuring their compliance with the organization’s security policies. The course focuses on management of Red Hat Enterprise Linux server security and compliance, whether run on bare metal servers, in virtual machines, or as a cloud instance. It will replace the existing RH413 course, which will be retired.
Students completing this course will develop skills needed to reduce security risk and to implement, manage, and remediate compliance and security issues with Red Hat Enterprise Linux servers in an efficient and scalable way. They will also be prepared to take the new associated exam to earn the credential Red Hat Certified Specialist in Security: Linux (EX415).
Learning Path
This course is a new addition to Red Hat’s suite of RHCA-level courses with a focus on security.
Since Red Hat Ansible Engine and Red Hat Ansible Tower are used for automation in RH415, students may be interested in taking Automation with Ansible I (DO407) and Automation with Ansible II: Ansible Tower (DO409) for more in-depth coverage of those automation tools.
The Red Hat Satellite 6 Administration (RH403) course would augment the coverage of Red Hat Satellite by this course.
Technical Overview
The Red Hat Security: Linux in Physical, Virtual, and Cloud (RH415) course is designed for experienced Linux system administrators who have RHCE certification or equivalent skills. A number of supporting technologies are discussed: Red Hat Satellite 6.3, Red Hat Ansible Engine 2.5, and Red Hat Ansible Tower 3.2, but students do not need to have prior experience with these tools before taking the course.
This course focuses on topics that are relevant to Red Hat Enterprise Linux server security management and compliance, wherever it is run.
The first chapter provides basic background information, introducing the course with a discussion of security and risk management using the Design-Build-Run-Manage-Adapt model. The Red Hat security response process, CVEs and RHSAs, understanding backporting, and management of security errata are covered. Basic security practices at installation, the concept of a standard operating environment, and management of access to the superuser account are also briefly reviewed.
In the next chapter, students are introduced to how automation can help maintain the secure, consistent configuration of servers, and are given a basic introduction to Ansible. By the end of the chapter, we expect students to know how to use and read playbooks provided to them, but not necessarily to write their own. We want students to see the value of security automation in its own right, but we also want them to be able to use remediation playbooks provided by the SCAP Security Guide and Red Hat Insights (covered later in the course). In addition, the value of Red Hat Ansible Tower as a way to manage machine credential security and to log and audit results of playbook runs is demonstrated.
Chapters 3 through 8 look at technologies that can be used to help maintain security and meet security requirements. Block device encryption using LUKS, and automatic decryption management using NBDE are both covered in Chapter 3. Chapter 4 covers how to use USBGuard to limit what USB devices can be connected to and used by a server. Chapter 5 is an in-depth discussion of how PAM manages user authentication and authorization, and includes coverage of password complexity management and restriction of access after failed login attempts.
Chapter 6 covers the Linux Audit system. Students learn how to configure and manage auditd, interpret audit logs, write their own custom audit rules, and apply existing pre-packaged audit rule sets included with the software that are intended to help meet compliance requirements. A brief discussion of keystroke logging is included. Chapter 7 discusses how to use AIDE to help detect file system changes, and how Audit can be used in conjunction with AIDE to investigate the cause of those changes.
Chapter 8 is focused on SELinux topics. After a quick review of core concepts, students learn how to convert an existing server that has SELinux disabled into one running in enforcing mode. They also learn about confined users and how to use them to limit a user’s access to the root account, to remote login, and to the ability to run executables from their home directory. Finally, basic policy analysis using tools like sesearch, sepolicy transition, and matchpathcon is covered.
Chapters 9 and 10 are focused on using OpenSCAP to manage compliance with security policies. Chapter 9 introduces OpenSCAP, the policies in the SCAP Security Guide, and how to customize policies with a tailoring file created in SCAP Workbench. It also covers how to scan individual systems for compliance with oscap, and how to create Ansible Playbooks from SCAP Security Guide content to remediate compliance issues. Chapter 10 shows how Red Hat Satellite 6.3 can be used to scale OpenSCAP scanning to many systems, using standard policies and tailoring files, and to centrally view and manage compliance reports.
Chapter 11 covers Red Hat Insights, and shows how it is a complementary tool to OpenSCAP. How to register systems, both through Customer Portal or proxied through Red Hat Satellite 6.3, is illustrated. Students learn about how to view and interpret Insights reports and how to use maintenance plans to create Ansible playbooks for automatic issue remediation. Due to the complexities of operational account/subscription management and since Insights is based on a SaaS model, this chapter currently has no hands-on activities for students.
The course concludes with a set of comprehensive review activities.
The Red Hat Identity Management content formerly in RH413 is sufficiently covered in the new Red Hat Security: Identity Management and Active Directory Integration (RH362) course and is not included here. Likewise, content sufficiently covered in the RHCSA or RHCE-track courses (permissions, basic SELinux, firewalld firewall management, system logging, password aging, and so on) is considered to be prerequisite knowledge and is not covered.
This course is available as Classroom, Virtual Training, Online Learning and in the RHLS – Red Hat Learning Subscription.
