RH415 "Red Hat Security: Linux in Physical, Virtual, and Cloud" notes in the margin

tags: red hat, rhel

You will find here notes and links to official docs with information on products and technologies that described on RedHat Training. THIS DOCUMENT DOES NOT REPRINT ANY COPYRIGHTED CONTENT FROM REDHAT TRAINING. You will find here only public accessible outline.

Course description: RH415 "Red Hat Security: Linux in Physical, Virtual, and Cloud"

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Table of contents

• RH415 "Red Hat Security: Linux in Physical, Virtual, and Cloud" notes in the margin
  • Image Not Showing Possible Reasons The image file may be corruptedThe server hosting the image is unavailableThe image path is incorrectThe image format is not supported Learn More → Table of contents
    • 1. Managing Security and Risk
    • 2. Automating Configuration and Remediation with Ansible
    • 3. Protecting Data with LUKS and NBDE
    • 4. Restricting USB Device Access
    • 5. Controlling Authentication with PAM
    • 6. Recording System Events with Audit
    • 7. Monitoring File System Changes
    • 8. Mitigating Risk with SELinux
    • 9. Managing Compliance with OpenSCAP
    • 10. Automating Compliance with Red Hat Satellite
    • 11. Analyzing and Remediating Issues with Red Hat Insights
    • 12. Comprehensive Review

1. Managing Security and Risk

RHEL 8 Docs: Managing and monitoring security updates

Red Hat Enterprise Linux Life Cycle

Product Security Center

Notifications and Advisories

Red Hat CVE Database

Red Hat Security Blog Red Hat Security Blog (old place) Understanding Red Hat security ratings

Backporting Security Fixes

Red Hat Product Security Center

Red Hat Security Data Changelog

Common Vulnerabilities and Exposures

CVE-2014-3670 php buffer overflow bug

Red Hat Log4Shell cve

Log4Shell Wiki Ru

Using daysofrisk.pl with the Red Hat Security Data API

Days of Risk Report (automatically generated) sample report

Determining Common Platform Enumeration (CPE)

Common Platform Enumeration (CPE) is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise's computing assets

What is Clair?

Clair is an open source project which provides a tool to monitor the security of your containers through the static analysis of vulnerabilities in appc and docker containers.

Red Hat Blog: Scanning container image vulnerabilities with Clair

RHEL 8 Docs: Security hardening

RHEL 8 Docs: Securing Networks

Install OpenVAS (GVM) on Kali Linux

Kali Linux: Дистрибутив для пентестинга Список инструментов Kali Linux

OpenVAS wiki OpenVAS (Open Vulnerability Assessment System, Открытая система оценки уязвимости, первоначальное название GNessUs) — фреймворк, состоящий из нескольких сервисов и утилит, позволяющий производить сканирование узлов сети на наличие уязвимостей и управление уязвимостями. Все продукты OpenVAS являются свободным ПО. Большая часть компонентов выпускается под лицензией GPL

Установка и использование OpenVAS (GVM) на Kali Linux Использование сканера уязвимостей OpenVAS

Nikto – это сканер с открытым исходным кодом (GPL) для веб-серверов

git clone https://github.com/sullo/nikto
# Main script is in program/
cd nikto/program
# Run using the shebang interpreter
./nikto.pl -h http://www.example.com
# Run using perl (if you forget to chmod)
perl nikto.pl -h http://www.example.com

Проверяем на уязвимости любой сайт с помощью Nikto

Инструкция по использованию сканера веб-серверов Nikto

Vul - Agentless Vulnerability Scanner for Linux/FreeBSD

Tutorial - Local Scan Mode examples of config.toml for local and remote scan

How to install and setup Docker on RHEL 7/CentOS 7

2. Automating Configuration and Remediation with Ansible

Ansible.com Red Hat blog: Channel: Red Hat Ansible Automation

Red Hat kb: How to download and install Red Hat Ansible Engine Red Hat kb: Using Ansible in RHEL 8.6 and later

Learn Linux TV Tutorial: Using Ansible "Pull" Mode to Dynamically Automate Server/Workstation Builds

Linux System Roles

3. Protecting Data with LUKS and NBDE

Cryptsetup and LUKS - open-source disk encryption Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES, TrueCrypt (including VeraCrypt extension), BitLocker and FileVault2 formats.

Why LUKS?

• compatibility via standardization,
• secure against low entropy attacks,
• support for multiple keys,
• effective passphrase revocation,
• free.

Clevis is a pluggable framework for automated decryption.

Tang is a server for binding data to network presence.

RHEL8 Docs: Security Hardering: Configuring automated unlocking of encrypted volumes using policy-based decryption

4. Restricting USB Device Access

home | USBGuard The USBGuard software framework helps to protect your computer against rogue USB devices (a.k.a. BadUSB) by implementing basic whitelisting and blacklisting capabilities based on device attributes.

Features

• Rule language for writting USB device authorization policies
• Daemon component with an IPC interface for dynamic interaction and policy enforcement
• Command line and GUI interface to interact with a running USBGuard instance
• C++ API for interacting with the daemon component implemented in a shared library

RHEL8 Docs: Security Hardering: Protecting systems against intrusive USB devices

Using USBGuard vs. UDev rules for USB device authorization

5. Controlling Authentication with PAM

FreeBSD article: Подключаемые Модули Аутентификации (PAM)

Red Hat KB: What should go in password-auth vs system-auth in RHEL6 and RHEL 7

• The problem with /etc/pam.d/system-auth is that it contains modules that are not usable in remote configurations so remote services such as sshd, vsftpd now use /etc/pam.d/password-auth.

$ cat /etc/pam.d/sshd |grep system-auth
$ cat /etc/pam.d/sshd |grep password
auth       substack     password-auth
account    include      password-auth
password   include      password-auth
session    include      password-auth
$ cat /etc/pam.d/login |grep password
password   include      system-auth
$ cat /etc/pam.d/login |grep system-auth
auth       substack     system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth

pam_pwquality(8) PAM module to perform password quality checking

Создание политики паролей в Linux

RedHat KB: The meaning of the Valid field in the faillock(8) command output

SSSD Open Source Client for Enterprise Identity Management

SSSD on github

6. Recording System Events with Audit

Linux Audit

https://github.com/threathunters-io/laurel

The Linux Audit Project

RHEL7 Security Guide: System Auditing

RHEL Audit System Reference

Настройка auditd для обнаружения и расследования инцидентов информационной безопасности

7. Monitoring File System Changes

AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.

8. Mitigating Risk with SELinux

GitHub: SELinux Project

Dan Walsh Blog

YouTube: Red Hat Summit: Are you listening to what SELinux is telling you?

b374k PHP webshell 3.2

Dan Walsh's Blog: How do I tell what would be allowed by a boolean?

GitHub Blog: Introduction to SELinux

Kaspersky Web Traffic Security installation guide: Disable SELinux

Seriously, stop disabling SELinux.

CertDepot: RHEL7: How to deploy SELinux man pages Gentoo Wiki: SELinux/ru

SELinux Coloring Book

Github book: SELinux Notebook

Книга: Свен Вермейлен: Администрирование системы защиты SELinux

RHEL8 Docs Using SELinux: Writing a custom SELinux policy

RedHat KB: Basic SELinux Troubleshooting in CLI

9. Managing Compliance with OpenSCAP

The Security Content Automation Protocol SCAP is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will find information about both existing SCAP specifications and emerging specifications relevant to NIST's security automation agenda. You are invited to participate, whether monitoring community dialog or leading more substantive activities like specification authorship.

SCAP Security Guide is a security policy written in a form of SCAP documents

Red Hat Enterprise Linux 8 STIG

Tailoring Files

It may sometimes be required to adjust the security policy to your specific needs. In Satellite, tailoring_files represent the custom modifications to default XCCDF profiles and they can be applied to hosts via compliance policies

OpenSCAP User Manual

Аудит информационной безопасности. XCCDF и OVAL

10. Automating Compliance with Red Hat Satellite

https://opensource.com/article/21/9/centos-stream-foreman

11. Analyzing and Remediating Issues with Red Hat Insights

12. Comprehensive Review