#auditd
algoentremanos · 9 months ago
Text
How to configure Auditd on Rocky Linux 9 to audit the system #Linux #RockyLinux #auditd
Auditd is one of those Linux services you can have a lovely love-hate relationship with, in equal parts, but in any case it is always advisable to have it active on your system and, above all, to have a good set of audit rules for your system. I am going to tell you how to install it on Rocky Linux 9 and which rules I am using. You can see other things I have done on the server in…
0 notes
codezup · 6 months ago
Text
Mastering Rogue File Detection with Python's Auditd Module
Introduction Hunting down rogue files with Python’s auditd module is a crucial task for system administrators and security professionals. Rogue files can be a sign of malicious activity, and identifying them quickly can prevent further damage to your system. Python’s auditd module provides a powerful tool for auditing system events and detecting anomalies. In this tutorial, we will explore how…
0 notes
esgeeks · 7 months ago
Link
Detecting the Most Common Malicious Actions in a Linux Environment | #AdministradorSistemas #Auditd #LinuxSecurity #SeguridadLinux #SIEM #Linux
0 notes
qcs01 · 1 year ago
Text
Real-World Applications of RHCSA and RHCE Skills
The Red Hat Certified System Administrator (RHCSA) and Red Hat Certified Engineer (RHCE) certifications are highly regarded in the IT industry. These certifications validate an individual's skills in managing and automating Red Hat Enterprise Linux environments. However, the value of these certifications extends beyond just passing exams; the skills acquired are directly applicable to various real-world scenarios in the IT domain. Let's explore some of the practical applications of RHCSA and RHCE skills.
1. Server Management and Maintenance
RHCSA:
User and Group Management: Creating, modifying, and managing user accounts and groups. This is crucial for maintaining security and organization within a server environment.
File Permissions and ACLs: Setting appropriate permissions and access control lists to protect sensitive data and ensure users have the necessary access to perform their jobs.
Service Management: Starting, stopping, enabling, and disabling services using systemctl. This is essential for maintaining the uptime and performance of services.
RHCE:
Advanced System Monitoring: Using tools like top, htop, vmstat, and iotop to monitor system performance and diagnose issues.
Network Management: Configuring and troubleshooting network interfaces, firewalls, and SELinux settings to secure and optimize network communications.
2. Automating System Administration Tasks
RHCSA:
Shell Scripting: Writing basic scripts to automate repetitive tasks, such as backups, user creation, and log rotation.
Cron Jobs: Scheduling routine tasks to run automatically at specified times, ensuring consistent system maintenance without manual intervention.
RHCE:
Ansible Automation: Utilizing Ansible for configuration management and automation. Creating playbooks to automate complex multi-tier deployments and configurations.
Automating Deployments: Streamlining the process of deploying applications and services using automated scripts and configuration management tools.
3. System Security and Compliance
RHCSA:
Security Enhancements: Implementing basic security measures such as configuring firewalls with firewalld, and managing SELinux to enforce security policies.
Auditing and Logging: Setting up and maintaining system logs to monitor and audit system activities for compliance and troubleshooting purposes.
RHCE:
Advanced Security Configurations: Applying more sophisticated security measures such as configuring advanced SELinux policies, managing TLS/SSL certificates for secure communications, and implementing secure SSH practices.
System Auditing and Reporting: Using tools like auditd to create detailed security audits and reports, ensuring systems comply with security policies and standards.
4. Troubleshooting and Problem Solving
RHCSA:
Basic Troubleshooting: Using commands like journalctl, dmesg, and systemctl to diagnose and resolve common issues related to system performance, boot processes, and service failures.
Disk Management: Managing storage with LVM (Logical Volume Management) and understanding disk usage with tools like df and du.
RHCE:
Advanced Troubleshooting: Diagnosing complex issues involving network services, storage systems, and application performance. Using advanced tools and techniques to pinpoint and resolve problems.
System Recovery: Implementing disaster recovery plans, including restoring from backups, repairing boot issues, and recovering corrupted file systems.
5. Managing Enterprise Environments
RHCSA:
Package Management: Installing, updating, and managing software packages using yum or dnf, ensuring that systems have the necessary software and updates.
Network Configuration: Setting up and managing basic network configurations, including IP addresses, DNS settings, and hostname configurations.
RHCE:
Centralized Authentication: Setting up and managing centralized authentication services such as LDAP, Kerberos, and integrating with Active Directory.
Clustering and High Availability: Configuring and managing Red Hat High Availability Clustering to ensure critical services are always available.
6. DevOps and Continuous Integration/Continuous Deployment (CI/CD)
RHCSA:
Version Control Systems: Basic knowledge of version control systems like Git, which is fundamental for managing code and configuration files.
Containerization: Introduction to containerization concepts using tools like Docker.
RHCE:
CI/CD Pipelines: Setting up and managing CI/CD pipelines using tools like Jenkins, GitLab CI, or Red Hat OpenShift, enabling automated testing, integration, and deployment of applications.
Advanced Container Management: Managing and orchestrating containers using Kubernetes and Red Hat OpenShift, ensuring scalable and reliable deployment of containerized applications.
Conclusion
The skills acquired through RHCSA and RHCE certifications are not just theoretical but have direct, practical applications in the real world. Whether it's managing and securing servers, automating administrative tasks, or setting up robust enterprise environments, these certifications equip IT professionals with the knowledge and tools necessary to excel in their careers. By applying these skills, professionals can ensure efficient, secure, and high-performing IT operations, ultimately driving organizational success.
For more details click www.qcsdclabs.com
1 note · View note
necrotech-puppywitch · 4 days ago
Text
It's fine. Just do it. Harden systemd and restrict namespaces, also make sure AppArmor is enforcing profiles, also configure nftables and add an application firewall as well to work in conjunction. Also enable PAM. Also Auditd, also install paru, it is better than yay. Also change from neofetch to fastfetch as neofetch is outdated. Also for security patches (the ones not immediately implemented in the mainline kernel) check here https://patchwork.archlinux.org/. Also bubblejail is good. Idk, this is my two cents on Arch for a newbie user.
And once you are comfortable, try out hyprland, trust me it shall be fine :333
chat, was installing Arch as my second ever Linux distro a dumbass move? I really like it but now people have me panicking
62 notes · View notes
tipslinuxtraining · 2 years ago
Text
Security Hardening for Linux Servers
Linux Course, Security hardening for Linux servers is a critical process that involves implementing various measures to enhance the security and resilience of the server environment. It aims to reduce vulnerabilities and mitigate potential risks. Here's an overview of security hardening practices:
Regular Updates: Keep the server's operating system, software, and applications up-to-date with the latest security patches. This prevents exploitation of known vulnerabilities.
Minimal Installation: Install only the necessary software and services. Remove or disable unused applications to reduce the attack surface.
Strong User Authentication: Enforce strong password policies, encourage password complexity, and consider using multi-factor authentication (MFA) for added security.
Firewall Configuration: Set up firewalls to control incoming and outgoing network traffic. Limit access to essential services and only allow necessary ports to be open.
Access Control: Implement the principle of least privilege (PoLP). Restrict user privileges to only what is required for their tasks. Use sudo to grant administrative access.
File System Permissions: Properly configure file and directory permissions. Use the principle of least privilege to ensure that only authorized users can access and modify files.
Disable Root Login: Disable direct root login via SSH. Instead, use a regular user account and then switch to root using the 'sudo' command.
Secure Communication: Use secure communication protocols like SSH for remote access and HTTPS for web services. Disable insecure protocols like Telnet and FTP.
Intrusion Detection and Prevention: Implement intrusion detection and prevention systems (IDS/IPS) to monitor and block suspicious activities.
Regular Backups: Perform regular backups of important data and configurations. This aids in recovery in case of a security incident.
Security Auditing: Regularly audit server logs for signs of unauthorized access or suspicious activities. Tools like 'auditd' can be used for this purpose.
Disable Unnecessary Services: Turn off any unnecessary services and daemons that could potentially be exploited.
Application Whitelisting: Only allow approved applications to run on the server, reducing the risk of malware execution.
Security Updates and Alerts: Stay informed about security threats and vulnerabilities. Subscribe to security mailing lists and news sources to promptly apply relevant patches.
Regular Assessments: Periodically conduct security assessments and penetration testing to identify vulnerabilities and weaknesses in your server environment.
By following these security hardening practices, Linux server administrators can significantly reduce the risk of security breaches and unauthorized access, ensuring the confidentiality, integrity, and availability of their server and the data it hosts.
0 notes
hackgit · 3 years ago
Text
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and...
Forwarded from Pentesting News
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells)
https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
Hunting for Persistence in Linux (Part 2): Account Creation and Manipulation
https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
Hunting for Persistence in Linux: Part 3 - Systemd, Timers, and Cron
https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron
Part 4 - Initialization Scripts and Shell Configuration
https://pberba.github.io/security/2022/02/06/linux-threat-hunting-for-persistence-initialization-scripts-and-shell-configuration
Part 5 - Systemd Generators
https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators
#Offensive #security #cybersecurity #infosec
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells - pepe berba An introduction to monitoring and logging in linux to look for persistence.
3 notes · View notes
xolotoofficial · 5 years ago
Text
bn a clown iz all fun n gamez until u step on sum1s toes n dey tattl on u an now ur getn auditd n hav 2 prove ur loyalty 2 da empire n ur church dutiez n den hide ur stashes cuz u got sumn u shuldnt an u don’t wana get sent 2 Da Bad Place for reedukshun
1 note · View note
ushf · 7 years ago
Text
F27 rpmdb bug, auditd and augenrules
Saw a similar rpmdb lock bug to this: https://bugzilla.redhat.com/show_bug.cgi?id=918184
Have enabled the audit log to watch out for it in the future.
[ush@gargantua ~]$ sudo dnf update
[sudo] password for ush:
warning: rpmdb: BDB2053 Freeing read locks for locker 0xc24: 12836/139735431249280
The auditd logging system is completely independent of syslog and derivatives: http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/
Q: is it now more integrated with journald?
Panu Matilainen suggested https://bugzilla.redhat.com/show_bug.cgi?id=918184#c1
# echo "-w /var/lib/rpm/Packages -p war -k rpmdb" >> /etc/audit/audit.rules
# systemctl restart auditd.service
After that, the next time that something has misbehaved and you get those "freeing read locks ...: /" messages, you can look rpmdb accessing processes by their pid with
# ausearch -k rpmdb --pid
To identify the troublemaker for sure, the pid of the "freeing read locks" message needs to be matched to those of audit logs. Taking the original message as an example:
BDB2053 Freeing read locks for locker 0x1bf4: 4981/140246004406208
Here, the pid of the naughty process who left locks behind is 4981. So to search for the process that caused it, you need to do:
# ausearch -k rpmdb --pid 4981
Instead have appended the new audit rule to /etc/audit/rules.d/audit.rules The systemctl restart of the auditd is no longer possible. Use augenrules instead. Do I really need to disable the -a never,task and what is its actual impact on performance?:
[ush@gargantua ~]$ sudo auditctl -l
-a never,task
[ush@gargantua ~]$ sudo augenrules --load
No rules
[ush@gargantua ~]$ sudo auditctl -l
-a never,task
-w /var/lib/rpm/Packages -p rwa -k rpmdb
This seems to be the best reference (is pointed to in the systemd unit): https://github.com/linux-audit/audit-documentation/wiki/SPEC-Writing-Good-Events
https://security.stackexchange.com/questions/4629/simple-example-auditd-configuration
Seems like the rules should be broken into 3 types in /etc/audit/rules.d/audit.rules (for clarity): CONTROL, FILE/DIRECTORY, SYSCALL (see man audit.rules). Syscall rules should follow the template:
-a action,list -S syscall -F field=value -k keyname
-a {always,never},{task,exit,user,exclude} -S {name or number} -S {othername or number} -F {auid,uid,euid,suid,fsuid,obj_uid,gid,egid,sgid,fsgid,obj_gid} -k $keyname-defined-by-you
Then
aureport --start this-week --key --summary
This related post is interesting in the context of how augenrules works by merging all the contents of rules.d: https://github.com/OpenSCAP/scap-security-guide/issues/551
This is a good first part of a two-part tutorial: https://www.tecmint.com/linux-system-auditing-with-auditd-tool-on-centos-rhel/
0 notes
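As an added example (not part of ushf's post or of any project the post links), the rule syntax and the ausearch workflow quoted above, in Python: a parser that sorts audit.rules lines into the CONTROL, FILE/DIRECTORY and SYSCALL types the post mentions, normalises watch permissions the way `auditctl -l` prints them (the post's `-p war` coming back as `-p rwa`), flags always-rules that lack a `-k` key (without which `ausearch -k` finds nothing), and extracts the PID from the rpmdb "Freeing read locks" warning to build the `ausearch -k rpmdb --pid` command. The sample rules file and the warning text are constructed.

```python
"""Parse auditd rules and the rpmdb lock warning (added example, not ushf's code)."""
import re
import shlex
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of /etc/audit/rules.d/audit.rules, grouped into the three
# rule types the post mentions: CONTROL, FILE/DIRECTORY, SYSCALL.
SAMPLE_RULES = """
## CONTROL
-D
-b 8192
## FILE/DIRECTORY
-w /var/lib/rpm/Packages -p war -k rpmdb
-w /etc/audit/ -p wa
## SYSCALL
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=unset -k exec
-a never,task
"""

# Constructed copy of the dnf warning quoted in the post; the PID precedes the slash.
LOCK_MSG = "warning: rpmdb: BDB2053 Freeing read locks for locker 0x1bf4: 4981/140246004406208"

ACTIONS = {"always", "never"}
LISTS = {"task", "exit", "user", "exclude"}
PERMS = set("rwxa")
CONTROL_WITH_ARG = {"-b", "-e", "-f", "-r", "--backlog_wait_time"}  # see man audit.rules

@dataclass
class Rule:
    kind: str                      # "control", "watch" or "syscall"
    raw: str
    key: Optional[str] = None      # -k value, what `ausearch -k` matches on
    path: Optional[str] = None     # watch rules
    perms: str = ""                # watch rules, normalised to rwxa order
    action: Optional[str] = None   # syscall rules
    list_: Optional[str] = None
    syscalls: list = field(default_factory=list)
    fields: list = field(default_factory=list)

def parse_rule(line: str) -> Rule:
    """Parse one audit.rules line; raise ValueError on malformed input."""
    toks = shlex.split(line)
    rule = Rule(kind="control", raw=line.strip())
    i = 0
    while i < len(toks):
        opt = toks[i]
        if opt == "-D":                  # delete all rules; takes no argument
            i += 1
            continue
        if i + 1 >= len(toks):
            raise ValueError(f"{opt} needs an argument: {line!r}")
        arg = toks[i + 1]
        if opt == "-w":
            rule.kind, rule.path = "watch", arg
        elif opt == "-p":
            if not arg or not set(arg) <= PERMS:
                raise ValueError(f"bad permissions {arg!r}")
            # auditctl -l prints watches in rwxa order (the post's 'war' shows as 'rwa').
            rule.perms = "".join(p for p in "rwxa" if p in arg)
        elif opt == "-a":
            first, _, second = arg.partition(",")
            if first in ACTIONS and second in LISTS:       # action,list (the template)
                rule.action, rule.list_ = first, second
            elif first in LISTS and second in ACTIONS:     # list,action is also accepted
                rule.action, rule.list_ = second, first
            else:
                raise ValueError(f"bad action,list {arg!r}")
            rule.kind = "syscall"
        elif opt == "-S":
            rule.syscalls.append(arg)
        elif opt == "-F":
            rule.fields.append(arg)
        elif opt == "-k":
            rule.key = arg
        elif opt not in CONTROL_WITH_ARG:
            raise ValueError(f"unknown option {opt!r}")
        i += 2
    return rule

def parse_rules(text: str) -> list:
    """Parse a rules file, skipping blank lines and comments."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def rules_without_key(rules: list) -> list:
    """Watches and always-syscall rules lacking -k: their events match no `ausearch -k`."""
    return [r.raw for r in rules if r.key is None and
            (r.kind == "watch" or (r.kind == "syscall" and r.action == "always"))]

def pid_from_lock_message(msg: str) -> Optional[int]:
    """PID from a BDB2053 'Freeing read locks' warning, or None if absent."""
    m = re.search(r"Freeing read locks for locker 0x[0-9a-fA-F]+: (\d+)/\d+", msg)
    return int(m.group(1)) if m else None

def ausearch_argv(key: str, pid: int) -> list:
    """argv for the lookup the post arrives at: ausearch -k rpmdb --pid 4981."""
    return ["ausearch", "-k", key, "--pid", str(pid)]
```

Running `rules_without_key(parse_rules(open("/etc/audit/rules.d/audit.rules").read()))` on a real host lists the rules whose events would never be found by key.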
phantomtutor · 2 years ago
Text
1. A network engineer is preparing an implementation plan of XUMUC. She is not certain as to which layer of the Cisco hierarchical model to implement quality of service, and to configure security policies and to connect access devices to the core backbone. Choose from the list, below, the layer that you would select. (Select the best answer)
a. Network Layer
b. Core Layer
c. Access Layer
d. Application Layer
e. Distribution Layer
2. Refer to the exhibit below. During which stage of the PPDIOO process do you prepare configuration details?
a. Prepare
b. Plan
c. Design
d. Implementation
e. Operate
3. XUMUC is an online university which recently added a new Application server to enhance the virtual classroom environment. The university added a fifth ISP to connect this application server to the Internet. In which sub module of the Cisco Enterprise Module would you place the server?
a. Enterprise Campus
b. Edge Distribution
c. E-Commerce
d. Enterprise Edge
e. Internet Connectivity
4. During the planning stage of a network upgrade, the customer wants a 30% improvement on the response the users get from the database. During which stage of characterizing the customer's network would you address this requirement?
a. Design Phase
b. Performance Requirement
c. Implementation phase
d. Operational Phase
5. Would you determine the network to be healthy when you have documented 25% of multicasts on one segment? Answer true or false.
a. True
b. False
6. During your characterization of the network, you realize that WAN implementations and LAN networks are managed by different groups. During which data collection stage would you note this information?
a. Design Requirement
b. Technical Requirement
c. Office Politics
d. Ignore
7. From the list below select all the advantages of hierarchical design.
a. Fault tolerance
b. Scalability
c. Ease of manageability
d. Predictability
e. All of the above
8. You need to add a new site to your hierarchical network. Which of the following are possible places in which to connect a new site to your existing network? (Select 2)
a. Access layer
b. Distribution layer
c. Core layer
9. The customer wants you to determine the maximum number of multimedia workstations that should populate a segment. What information do you need from the customer in order to proceed with this request?
a. LAN Protocol
b. Bandwidth on the segment
c. Application running on the segment
d. Number of users
e. Fiber or Cat5 cable
10. Which layers of the OSI model does RMON2 operate on?
a. Physical to Data link
b. Physical to Network
c. Network to Application
d. Physical to Application
11. You have been assigned to collect and characterize an existing network. Which of the following stages would you first consider when characterizing an existing network? (Select the best answer.)
a. organizational input
b. traffic analysis
c. network audit
d. network assessment
12. Which of the following data center designs provides the best combination of availability, scalability, redundancy, and WAN affordability? (Select the best answer.)
a. multisite data centers located in close proximity
b. multisite data centers spread across a large geographical area
c. single-site data center with clustered servers
d. single-site data center
13. List one limitation of a bottom-up approach to network design.
a. It is more time-consuming than the top-down approach.
b. It does not focus on devices and technologies.
c. It focuses on applications and services.
d. It can lead to costly redesigns.
e. It requires a detailed analysis of an organization's requirements.
14. Which of the following statements is true in a data center design that utilizes layer 3 devices between the access layer and the aggregation layer? (Select the best answer.)
a. VLANs can span multiple access layer switches.
b. Layer 3 load balancing is not supported at the access layer.
c. The default gateway for each VLAN is located in the aggregation layer.
d. HSRP is not required.
e. An FHRP is required.
15. Which of the following statements is true regarding the core layer firewall in the base e-commerce module design? (Select the best answer.)
a. The core layer firewall connects directly to the SLB.
b. The core layer firewall connects directly to the server farms.
c. The core layer firewall operates in routed mode.
d. The core layer firewall is typically an appliance-based platform.
e. The core layer firewall is configured with multiple contexts.
16. You are reviewing a high level network diagram to locate the DHCP server. In which modules would you expect to find the company's DHCP server? (Select 2)
a. data center
b. enterprise edge
c. building access
d. building distribution
e. building core
17. A customer wants to connect 12 sites over a WAN. The customer also wants to configure OSPF on each router. Which of the following topologies would require the greatest number of neighbor relationships on each router? (Select the best answer.)
a. star
b. ring
c. full mesh
d. hub-and-spoke
e. partial mesh
18. You want to select a technology which will provide authentication, encryption, and message integrity. From the list below, which one would you select?
a. RMON
b. SNMPv1
c. RMON2
d. SNMPv3
e. SNMPv2
19. You are gathering the network requirements to upgrade an existing network. In which of the following categories of the proposal would you consider the budgeted costs? (Select the best answer.)
a. organizational goals
b. organizational constraints
c. technical goals
d. technical constraints
20. In a job interview, you were asked to identify the appropriate location in the Enterprise Architecture Module in which to place e-Commerce servers. From the list below, choose the best answer.
a. SP edge
b. enterprise data center
c. enterprise edge
d. enterprise campus
21. From the list of sub-modules, below, select the sub-module of the SP edge module.
a. campus core layer, building distribution layer, and building access layer
b. enterprise WAN, Internet connectivity, e-commerce servers, and remote access via VPN
c. PSTN services, site-to-site WAN access, and ISP connectivity
d. enterprise data center, enterprise branch, and teleworkers
22. In a switched hierarchical design, which enterprise campus module layers exclusively use Layer 2 switching? (Select the best answer.)
a. only the building distribution layer
b. only the building access layer
c. the building distribution and campus core layers
d. only the campus core layer
e. the building distribution and building access layers
23. Which of the following statements best describes NetFlow? (Select the best answer.)
a. NetFlow is a Cisco IOS feature that causes minimal impact on the CPU utilization on each network device during an audit.
b. NetFlow is a security appliance that serves as the focal point for security events on a network.
c. NetFlow is used to monitor and manage network devices by collecting data about those devices.
d. NetFlow is a protocol that extends the standard MIB data structure and enables a managed device to store statistical data locally.
24. MegaCorp is upgrading its existing X.25 network to a more modern and flexible frame relay network. MegaCorp's contract with its existing X.25 service provider expires in 2 months. The network equipment that is currently in use will not support frame relay connections. Therefore, all existing X.25 equipment will have to be replaced. The current technical staff must be trained on the new technology choice. What is the organizational constraint faced by MegaCorp?
a. The fact that the contract expires in two months
b. The cost associated with the new frame relay network
c. The budget to buy all new frame relay compatible devices
d. The budget to buy all new frame relay compatible devices
e. The compatibility between the X.25 and frame relay protocols
25. XYZFoodCorp is a food distribution company with 200 warehouses located throughout Asia, Europe, and North America. XYZFoodCorp plans to roll out a new e-commerce application allowing customers to order products directly from their website. Because company policy dictates that all electronic data must be stored locally, this e-commerce application will be hosted from Tokyo and will require a new connection to a local ISP. XYZFoodCorp believes that this new ordering process will reduce their time to deliver while increasing their market share. Additionally, the new ordering system should reduce existing expenses associated with the current order processing system. Management believes that all existing customers will prefer to use the new ordering system, and therefore require 99.9% system and network up time. XYZFoodCorp would like to further utilize the new network to reduce toll charges between the headquarters and each warehouse. Management plans to have the new systems in place within six months. Once orders are placed, they will be routed to the correct warehouse for order fulfillment. Each warehouse is currently connected to the headquarters via dial up connections. The new ordering system will require a minimum of 256kbps between each warehouse and Tokyo. Management has budgeted $250,000 USD for new network equipment and $100,000 per year for circuit costs. XYZFoodCorp's IT department consists of two technical support technicians who currently have no expertise with networking. The new CTO plans to outsource the design and implementation of the network and hire one new technician to perform network management. XYZFoodCorp's Management is very concerned with the security of the new application and the new threats posed by connecting the headquarters to the Internet. What major goals does XYZFoodCorp hope to achieve from this project? (Choose two.)
a. Increase market share
b. Roll out a new ordering system
c. Outsource the network management
d. Provide VoIP services between locations
e. Reduce ordering system associated costs
0 notes
karen-anti-r-cml · 3 years ago
Text
marjorie taylor greene and her Save America Stop Socialism PAC are under heightened scrutiny from Federal Election Commission Officials because of what Regulators say are financial discrepancies and an impermissible contribution.
October 19, 2022: FEC Officials sent a letter to SASSP officials stating there are several errors in their amended financial report from July, 2022 including calculation mistakes and inconsistencies with the committee's reported cash on hand
FEC officials also found the SASSP improperly sent $5,000 to help US House candidate j.r. majewski's win his congressional Primary Election in Ohio
FEC officials said greene sent the money to majewski's campaign after the Primary ended, violating Federal Rules. 
November 23, 2022: Is the last date to respond to the FEC's letter. They will not be granting greene and her political action committee an extension
If greene and her SASSP don't respond they could face Federal Audits, Fines and in extreme cases referrals to the Department of Justice for criminal investigation.
j.r. majewski has been questioned about his financial transparency and Military Service Record, and now faces Democratic Rep. Marcy Kaptur in one of the nation's tightest House races in November
https://www.businessinsider.com/marjorie-taylor-greene-mtg-pac-fec-campaign-money-2022-10
0 notes
mainscount · 3 years ago
Text
Openssh server
OPENSSH SERVER PASSWORD
The goal of this document is to help operational teams with the configuration of OpenSSH server and client. All Mozilla sites and deployment should follow the recommendations below. The Security Assurance and Security Operations teams maintain this document as a reference guide. Only non-default settings are listed in this document. Most default OpenSSH settings that are security-related already provide good security, thus changing them is at your own risk and is not documented here. For example, these guidelines assume only SSH protocol 2 is configured in the server, and SSH protocol 1 is disabled. This also assumes that you are keeping OpenSSH up-to-date with security patches. See man sshd_config, man ssh_config for more information on specific settings if you nevertheless need to change them.
OpenSSH server: Configuration
Different versions of OpenSSH support different options which are not always compatible. This guide shows settings for the most commonly deployed OpenSSH versions at Mozilla - however, using the latest version of OpenSSH is recommended.
# Supported HostKey algorithms by order of preference.
KexAlgorithms
Password based logins are disabled - only public key based logins are allowed.
# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
# Root login is not allowed for auditing reasons. This is because it's difficult to track which process belongs to which root user:
# On Linux, user sessions are tracking using a kernel-side session id, however, this session id is not recorded by OpenSSH.
# Additionally, only tools such as systemd and auditd record the process session id.
0 notes
wentzwu · 3 years ago
Text
CISSP PRACTICE QUESTIONS – 20220213
Which of the following is not an audit conducted by external parties? (Wentz QOTD)
A. First-party audit
B. Second-party audit
C. Third-party audit
D. Regulatory audit
Kindly be reminded that the suggested answer is for your reference only. It doesn't matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications. (more…)
0 notes
certificacaolinux-blog · 3 years ago
Text
The pstree command on Linux (lists processes) [Basic Guide]
The pstree command on Linux shows the whole process tree, from init or systemd down to the last running process. It is similar to the command ps -auxf. It is useful for understanding the process hierarchy in Linux. In addition to the options below, pstree can show the hierarchy belonging to a user or to a specific process through its PID.
-a: shows the command line used to start the processes;
-c: disables merging identical processes at the same level of the hierarchy;
-G: uses the VT100 format to draw the lines between processes instead of keyboard characters;
-h: highlights the processes attached to the terminal at that exact moment;
-p: includes the PID of the processes in the listing.
Example:
$ pstree -G -c -p
systemd(1)─┬─acpid(2813)
           ├─agetty(2674)
           ├─agetty(2675)
           ├─atd(2570)
           ├─auditd(1884)───{auditd}(1885)
           ├─chronyd(1940)
           ├─crond(2590)
           ├─dbus-daemon(1909)
           ├─dhclient(2211)
           ├─firewalld(1915)───{firewalld}(2274)
           ├─nginx(10982)─┬─nginx(10983)
           │              ├─nginx(10984)
           │              └─nginx(10985)
           ├─php-fpm(2387)─┬─php-fpm(2412)
           │               ├─php-fpm(2413)
           │               └─php-fpm(30458)
           ├─rsyslogd(2542)─┬─{rsyslogd}(2559)
           │                └─{rsyslogd}(2744)
           ├─systemd-journal(1421)
           ├─systemd-logind(1919)
           └─systemd-udevd(1787)
https://youtu.be/LEH2EI9bu5Y
Learn much more about Linux in our online course. You can enrol here. If you already have an account, or want to create one, just log in or create your user here.
0 notes
hackgit · 2 years ago
Text
[Media] linikatz
linikatz A tool to attack AD on UNIX This repository contains all of the scripts and source code for "Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX"👆 In addition to the main linikatz.sh script, this also includes auditd policies, John the Ripper rules, Metasploit post-exploitation modules and fuzzers. https://github.com/CiscoCXSecurity/linikatz #infosec #pentesting #redteam
1 note · View note
adult-social-networks · 5 years ago
Text
Linux Diagnostics And Troubleshooting
Linux Diagnostics And Troubleshooting. This course is aimed at senior system administrators who wish to learn more about troubleshooting.
Overview
The Red Hat Enterprise Linux Diagnostics and Troubleshooting course (RH342) provides system administrators with the tools and techniques they need to successfully diagnose, and fix, a variety of potential issues. Students will work through hands-on problems in various subsystems to diagnose and fix common issues.
Audience
The Red Hat Enterprise Linux Diagnostics and Troubleshooting course is aimed at senior system administrators who wish to learn more about troubleshooting.
Prerequisites
Have earned a Red Hat Certified System Administrator (RHCSA) or have similar experience
It is recommended that students have earned a Red Hat Certified Engineer (RHCE) or have similar experience
Skill level: Intermediate Level
Students: 398
Languages: English
Captions: No
Lectures: 81
Video: 10 hours
Introduction
What is troubleshooting?
Troubleshooting a login issue
Collecting Information
System Journal
Troubleshoot a web server issue using the log files
Using Red Hat Resources
Collecting Information with SOSREPORT
Practice Lab Session
Troubleshoot an FTP Connectivity Issue
Monitoring Systems
- System Monitoring with Cockpit
- Performance Co-Pilot (pcp)
- Centralized log server using rsyslog
- Practice Lab Session
- Intrusion detection software to monitor changes
- Advanced Intrusion Detection Environment (AIDE)
- Practice Lab Session
- System Auditing with auditd
Identifying Hardware Issues
- Identify various hardware and their problems
- Hardware Error Reporting using mcelog and rasdaemon
- Memory Testing using the memtest86+ package
- Managing Kernel Modules
- Loading and unloading modules
- Managing module options
- Troubleshooting to disable MSI-X interrupt handling in the driver
Troubleshooting Storage Issues
- Overview of Linux Storage Stack
- Virtual File System
- Filesystems & Device Manager
- Device Mapper Multipath
- Recovering from File System Corruption
- Checking & Repairing ext3/ext4 fs using e2fsck
- Checking & Repairing xfs fs using xfs_repair
- Recovering LVM Issues
- Practice Lab Session - using vgcfgrestore
- Migrating a Volume Group from one system to another
- Recovering Metadata in LVM
- Practice Lab Session
- Configuration of iSCSI target & Initiator
- Practice Lab Session on iSCSI target & initiator - 1
- Practice Lab Session on iSCSI target & initiator - 2
Troubleshooting RPM Issues
- Resolve package management dependency issues
- Identify & fix dependency issues
- Recover a corrupted RPM Database
- Working with transaction history using the yum command
- Reverting & repeating transactions using the yum command
- Practice Lab Session
Troubleshooting Network Issues
- Check Network Connectivity
- Scanning Network Ports using nmap
- Communicating with a remote service using the nc command
- Monitoring Network traffic using iptraf-ng
- Troubleshooting a network issue (one network interface is not working properly)
- Troubleshooting tips related to device names of ethernet interfaces
- Disable consistent network device naming
- Overview of NetworkManager
- Practice Lab Session
- Capturing Packets with tcpdump
- Practice Lab Sessions
Troubleshooting Boot Issues
- Linux Boot process
- Booting of RHEL 7 with systemd
- Overview of Grub2
- Grub2 features
- Booting into the Grub Menu
- Protect Grub by applying a password
- Lab on Basic System Recovery (Initramfs file missing/corrupted)
- Lab on Basic System Recovery (Grub-related issues, e.g. grub is missing)
- Lab on Basic System Recovery (Master Boot Record missing/corrupted)
- Rescue Mode in RHEL 7
- Practice Lab Session
- Reset the root password using the installation disk
- Reset the root password using rd.break
Troubleshooting Security Issues
- Troubleshooting a SELinux Issue
- Changing SELinux context
- Troubleshooting an ftp connectivity issue using booleans
- SELinux Audit Logs & Troubleshooting
- Overview of PAM Security
- Concepts of PAM
- PAM Modules & Configurations
- PAM Module Groups
- Control Flags in PAM
- PAM Modules
- Last lecture
What you'll learn
- Linux Diagnostics and Troubleshooting
- To fix common issues on a Red Hat Enterprise Linux machine, using tools provided by the distribution
- What is troubleshooting?
- Troubleshooting a login issue
- Troubleshoot a web server issue using the log files
- Troubleshoot an FTP Connectivity Issue
- System Monitoring with Cockpit
- Centralized log server using rsyslog
- Advanced Intrusion Detection Environment (AIDE)
- System Auditing with auditd
- Identify various hardware and their problems
- Hardware Error Reporting using mcelog and rasdaemon
- Managing Kernel Modules
- Troubleshooting to disable MSI-X interrupt handling in the driver
- Troubleshooting Storage Issues
- Overview of Filesystems, Device Manager & Device Mapper Multipath
- Recovering from File System Corruption
- Migrating a Volume Group from one system to another
- Configuration of iSCSI target & Initiator
- Troubleshooting RPM Issues
- Recover a corrupted RPM Database
- Working with transaction history using the yum command
- Troubleshooting Network Issues
- Scanning Network Ports using nmap
- nc & iptraf-ng commands
- Troubleshooting a network issue (one network interface is not working properly)
- Troubleshooting Boot Issues
- Lab on Basic System Recovery
- Reset the root password using the installation disk or rd.break
- Troubleshooting Security Issues
- Troubleshooting a SELinux Issue
- SELinux Audit Logs & Troubleshooting
- Overview of PAM Security & Concepts of PAM
- Various practice lab sessions
Are there any course requirements or prerequisites?
- PC or laptop with an internet connection
- An RHCSA/RHCE certification, or equivalent knowledge, is required to successfully sit this course
Who this course is for:
The Linux Diagnostics and Troubleshooting course is aimed at senior system administrators who wish to learn more about troubleshooting.