Defensive Linux Security & Hardening.

Learn more


Advanced RHEL/CentOS Defensive Security & Hardening is a dedicated training about how we can protect and attack a Linux OS. Mandatory access control, sandboxing, root user limitation and low-level accountability, ACL, service isolation on different layers: seccomp, capabilities or SELinux are just the beginning of the fun.

During dedicated labs, you will find out how to use different offensive and defensive tools, scripts, services and techniques to better understand how an attacker thinks and what are the most important actions of this modern adversary. Additionally, you will explore how to design secure, hardened systems and applications network services. Training content in formula “protection vs attack” will help you understand risks, identify network security blind spots and unexpected, uncovered spaces inside an OS.

This training is intended to increase skills needed to ensure data integrity on a critical system for organizations with the highest security standards. The discussed methods of automation will support the process of achieving compliance.


  • Introduction:
    • Defense in depth.
    • DevSecOps methodology.
    • Threat hunting.
  • Discretionary Access Control (DAC) vs Mandatory Access Control (MAC) → typical
    attack vectors against Linux OS, application and network services.
  • Secure file system design, attributes, flags, ACL and encryption.
  • Package management security and CVE tracking.
  • SSP, NX, PIE, RELRO, ASLR, LD_PRELOAD vs attacks.
  • The importance of SELinux:
    • Targeted policy vs exploits
    • Multi Category Security (MCS)
    • Rule Based Access Control
    • sVirt
  • Linux capabilities vs SUID attacks.
  • System call restriction - seccomp-BPF vs exploits.
  • Linux Containers - Docker security vs escaping.
  • Chroot / jail / nsjail vs escaping.
  • LKM-off / ptrace-yama / and other sysctl enforcing options.
  • Debuggers and profilers - gdb / strace / ltrace / ldd / yara.
  • Behavioral analysis and hacker’s fishing - systemtap / eBPF / sysdig.
  • Integrity checking - IMA/EVM.
  • Grub and secure boot configuration.
  • System update vs reboot.
  • Linux Domain Controller: HBAC / SUDO / RBAC.
  • PAM configuration: 2FA / sudo_pair / time-based access.
  • Secure SSH / SCP / SFTP + tips and tricks.
  • Advanced network firewall: iptables / nftables / ebtables.
  • Local and external security enumeration and reconnaissance tactics.
  • Linux visibility, auditing & accounting:
    • auditd
    • syslog
    • OSSEC
    • osquery
  • Linux Memory forensics - Volatility Framework vs malware.
  • Automation of STIG Hardening standard for RHEL/CentOS by using:
    • Ansible roles
    • Puppet manifests
    • Chef cookbooks
  • Summary and final lab.

Time Duration

2 days (9:00am - 5:00pm)

Who should attend

  • Linux Administrators & Engineers from banks and financial organizations
  • DevOps / Sysops team members
  • System Architects
  • IT Security Experts and Consultants

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer & IT Security Architect. Recently he was a VP, Head of Cyber Security in Collective Sense - a Machine Learning Network Security Startup from the U.S. where he was responsible for product security research, strategy, business analysis & technical feature implementation and recommendation. He has over 13 years of experience in the IT security market supporting the world’s largest customers in terms of exfiltration simulations and penetration tests, infrastructure hardening and general Open Source and IT Security consultancy services. In addition, he has 11 years of experience in teaching and transferring a deep technical knowledge and his own experience. He has trained 600+ students with the highest rank. He is an IT Security Architect with offensive love and a recognized expert in the enterprise OSS market.


If interested in dedicated, closed training for your Linux Security team let us know. We love delivering on-site training sessions!