Notes from video course:
Linux Security Complete Video Course: Red Hat Certificate of Expertise in Server Hardening (EX413) and LPIC-3 303 (Security) Exams,
Sander van Vugt
These are just quick notes from a Linux server hardening video course, so I know where to look when I need it.
Managing system auditing:
Auditing provides more information than logging alone.
We can, for example, watch a specific file such as /etc/passwd; when someone changes that file, the audit system logs the event to a specified file. This is very useful if you want to see what is happening to your sensitive files. The audit log is not very readable, though.
Auditing even allows us to log the keystrokes of users' terminal sessions (aureport), so you can log what the root user is typing. Interesting.
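An added example, not from the course: since the raw audit log is hard to read, this sketch groups the records of each event and prints one line per access to a watched file. The log lines and the key name passwd_changes are constructed, and they assume a watch rule like `auditctl -w /etc/passwd -p wa -k passwd_changes`.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed, simplified sample of raw audit.log records for a watch on
# /etc/passwd with the (assumed) rule key "passwd_changes".
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:421): syscall=257 success=yes exit=3 pid=1622 auid=1000 uid=0 tty=pts0 comm="vim" exe="/usr/bin/vim" key="passwd_changes"
type=CWD msg=audit(1700000000.123:421): cwd="/root"
type=PATH msg=audit(1700000000.123:421): item=0 name="/etc/passwd" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000042.500:430): syscall=257 success=no exit=-13 pid=1701 auid=1001 uid=1001 tty=pts1 comm="bash" exe="/usr/bin/bash" key="passwd_changes"
type=PATH msg=audit(1700000042.500:430): item=0 name="/etc/passwd" inode=131 nametype=NORMAL
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Merge all records that share one audit(timestamp:serial) id."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or malformed lines
        rtype, stamp, serial, body = m.groups()
        ev = events[(float(stamp), int(serial))]
        ev["time"] = datetime.fromtimestamp(float(stamp), tz=timezone.utc)
        for name, value in FIELD.findall(body):
            # Prefix with the record type; the first value wins if it repeats.
            ev.setdefault(f"{rtype}.{name}", value.strip('"'))
    return dict(events)

def summarize(text, key):
    """Return one readable line per event logged under the given rule key."""
    lines = []
    for (_, serial), ev in sorted(parse_events(text).items()):
        if ev.get("SYSCALL.key") != key:
            continue
        lines.append(
            "{:%Y-%m-%d %H:%M:%S} event={} auid={} uid={} exe={} path={} success={}".format(
                ev["time"], serial, ev.get("SYSCALL.auid"), ev.get("SYSCALL.uid"),
                ev.get("SYSCALL.exe"), ev.get("PATH.name"), ev.get("SYSCALL.success")))
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG, "passwd_changes")))
```

The auid field is the login user ID, which stays the same after su or sudo, so the first event shows that login user 1000 was acting as root (uid=0). On a live system, `ausearch -k passwd_changes -i` gives an interpreted view of the same records.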
Mandatory Access Control:
The security system creates rules and the kernel enforces them. This way we limit access to specific files, directories, ports, file systems ...
It prevents an infected application from spreading over the system and writing where it is not supposed to.