7 |
8 | Running list of all links, may need further categorization at a later date.
9 |
10 | | Description | Link |
11 | | ----------- | ---- |
12 | | | |
13 | | TBD | TBD |
14 | | TBD | TBD |
15 | | TBD | TBD |
16 |
--------------------------------------------------------------------------------
/ref/ub.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit Bonus Template
5 |
6 |
7 |
8 | # THIS IS A TEMPLATE DOCUMENT
9 |
10 | (However, these are not hard-and-fast templates; as long as the style is maintained
11 | there is a degree of freedom.)
12 |
13 | There is a larger degree of operational freedom allowed for unit bonuses.
14 |
15 | However, these bonus sections should be structured much like unit labs
16 | and pertain directly to the unit they reside in. For example, a Unit 2
17 | Bonus should present and build upon Unit 2 content.
18 |
--------------------------------------------------------------------------------
/src/u10lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Under Construction
5 |
6 |
7 |
8 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
9 | > the machine from the command line so that other students will have the intended environment.
10 |
11 | ### Required Materials
12 |
13 | - Putty or other connection tool
14 | - Lab Server
15 | - Root or sudo command access
16 | - STIG Viewer 2.18 (download from )
18 |
19 | #### Downloads
20 |
21 | The lab has been provided below. The document(s) can be transposed to
22 | the desired format so long as the content is preserved. For example, the `.txt`
23 | could be transposed to a `.md` file.
24 |
25 | - 📥 u10_lab(`.txt`)
26 | - 📥 u10_lab(`.docx`)
27 |
28 | > Be sure to `reboot` the lab machine from the command line when you are done.
29 |
--------------------------------------------------------------------------------
/src/contributors.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
ProLUG Contributors
5 |
6 |
7 |
8 | This book was made possible by a small group of dedicated contributors who worked diligently to create an accessible resource for future students enrolled in courses offered by the Professional Linux User Group.
9 |
10 | The group met weekly to organize efforts, manage contributions, and onboard new volunteers. Using Git for version control and GitHub for project management, they converted existing courseware into Markdown and HTML. The content was then compiled with mdBook into a fast, searchable, multimedia learning resource.
11 |
12 | ## Lead Authors
13 | - **[Scott Champine](https://www.linkedin.com/in/scottchampine/)**
14 | [GitHub](https://github.com/scottchampine) – Lead Author, network & security engineer, CISSP, Linux instructor.
15 |
16 | ## Organizing Contributors
17 |
18 | - Chris McKee
19 | - Connor Wilkins
20 | - Trevor Smale
21 | - Shane Dugas
22 |
23 | ## Writing Contributors
24 |
25 | - Chris McKee
26 | - Connor Wilkins
27 | - Trevor Smale
28 | - Shane Dugas
29 | - Enzo Barcellos
--------------------------------------------------------------------------------
/src/SUMMARY.md:
--------------------------------------------------------------------------------
1 | # Summary
2 |
3 | - [Course Syllabus](./syllabus.md)
4 | - [Final Project Outline](./project.md)
5 | - [Earning the Certification](./certify.md)
6 | - [Table of Contents](./unitindex.md)
7 | - [About ProLUG](./prolug.md)
8 | - [Unit 1](./u1intro.md)
9 |   - [Work Sheet](./u1ws.md)
10 |   - [Lab](./u1lab.md)
11 | - [Unit 2](./u2intro.md)
12 |   - [Work Sheet](./u2ws.md)
13 |   - [Lab](./u2lab.md)
14 | - [Unit 3](./u3intro.md)
15 |   - [Work Sheet](./u3ws.md)
16 |   - [Lab](./u3lab.md)
17 | - [Unit 4](./u4intro.md)
18 |   - [Work Sheet](./u4ws.md)
19 |   - [Lab](./u4lab.md)
20 | - [Unit 5](./u5intro.md)
21 |   - [Work Sheet](./u5ws.md)
22 |   - [Lab](./u5lab.md)
23 | - [Unit 6](./u6intro.md)
24 |   - [Work Sheet](./u6ws.md)
25 |   - [Lab](./u6lab.md)
26 | - [Unit 7](./u7intro.md)
27 |   - [Work Sheet](./u7ws.md)
28 |   - [Lab](./u7lab.md)
29 | - [Unit 8](./u8intro.md)
30 |   - [Work Sheet](./u8ws.md)
31 |   - [Lab](./u8lab.md)
32 | - [Unit 9](./u9intro.md)
33 |   - [Work Sheet](./u9ws.md)
34 |   - [Lab](./u9lab.md)
35 | - [Unit 10](./u10intro.md)
36 |   - [Work Sheet](./u10ws.md)
37 |   - [Lab](./u10lab.md)
38 | - [Outro](./outro.md)
39 | - [Contributors](./contributors.md)
40 | - [Contributing](./contributing.md)
41 | - [Local Testing](./development.md)
42 | - [Resources](./resources.md)
43 | - [Downloads](./downloads.md)
44 |
--------------------------------------------------------------------------------
/ref/intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit Intro Template
5 |
6 |
7 |
8 | # THIS IS A TEMPLATE DOCUMENT
9 |
10 | (However, these are not hard-and-fast templates; as long as the style is maintained
11 | there is a degree of freedom.)
12 |
13 | ## Overview
14 |
15 | ---
16 |
17 | (Small paragraph overviewing the unit)
18 |
19 | ### What is the skill/tech/concept we are dealing with?
20 |
21 | (Skills, tech, or concepts related to the unit)
22 |
23 | etc.
24 |
25 | ## Learning Objectives
26 |
27 | ---
28 |
29 | (Objectives and learning goals related to the unit)
30 |
31 | 1.
32 | 2.
33 | 3.
34 |
35 | ## Relevance & Context
36 |
37 | ---
38 |
39 | (Contextualize the unit content to systems administration)
40 |
41 | ### Why is it important to Linux Administrators/Engineers?
42 |
43 | 1.
44 | 2.
45 | 3.
46 |
47 | etc.
48 |
49 | ## Prerequisites
50 |
51 | ---
52 |
53 | (Any unit prerequisite knowledge)
54 |
55 | ### Briefly mention concepts or skills the reader should already understand before starting the chapter.
56 |
57 | 1.
58 | 2.
59 | 3.
60 |
61 | etc.
62 |
63 | ## Key terms and Definitions
64 |
65 | ---
66 |
67 | (Any important terms relating to the unit)
68 |
69 | Term 1
70 |
71 | Term 2
72 |
73 | etc.
74 |
--------------------------------------------------------------------------------
/src/assets/downloads/u10/u10_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 |
3 | Unit 10 Worksheet
4 |
5 | Instructions
6 |
7 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
8 | the end to turn them in as a final submission packet.
9 |
10 |
11 | Discussion Questions:
12 |
13 | Unit 10 Discussion Post 1: Capture all the terms and concepts that we talk about in this
14 | week’s recording.
15 | 1. How many new topics or concepts do you have to go read about now?
16 | 2. What was completely new to you?
17 | 3. What is something you heard before, but need to spend more time with?
18 |
19 |
20 | Unit 10 Discussion Post 2: Proof of Skills from this course.
21 |
22 | 1. Think about how the course objectives apply to the things you’ve worked on.
23 | a. How would you answer if I asked you for a quick rundown of how you would
24 | secure a Linux system?
25 | b. How would you answer if I asked you why you are a good fit as a security
26 | engineer in my company?
27 | c. Think about what security concepts you think bear the most weight as you
28 | put these course objectives onto your resume.
29 | i. Which would you include?
30 | ii. Which don’t you feel comfortable including?
31 |
32 |
33 | Definitions/Terminology
34 | - Capture from this week's lesson or recording
35 |
36 |
37 | Notes During Lecture/Class:
38 |
39 | Links:
40 |
41 | Terms:
42 |
43 | Useful tools:
44 |
45 |
46 | Lab and Assignment
47 | No lab for Unit 10, work on your project.
48 |
--------------------------------------------------------------------------------
/ref/ulab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit Lab Template
5 |
6 |
7 |
8 | ## THIS IS A TEMPLATE DOCUMENT
9 |
10 | (However, these are not hard-and-fast templates; as long as the style is maintained
11 | there is a degree of freedom.)
12 |
13 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
14 | > the machine from the command line so that other students will have the intended environment.
15 |
16 | ### Resources / Important Links
17 |
18 | [Link Template](example.org)
19 |
20 | [Link Template](example.org)
21 |
22 | [Link Template](example.org)
23 |
24 | ### Required Materials
25 |
26 | - Rocky 9.4+ - ProLUG Lab
27 | - Or comparable Linux box
28 | - root or sudo command access
29 |
30 | #### Downloads
31 |
32 | The lab has been provided for convenience below:
33 |
34 | - 📥 u_lab(`.pdf`)
35 | - 📥 u_lab(`.docx`)
36 |
37 | ## Pre-Lab Warm-Up
38 |
39 | ---
40 |
41 | (This will be transposed from the lab provided by Scott Champine)
42 |
43 | Step 1:
44 |
45 | Step 2:
46 |
47 | Code block:
48 |
49 | etc.
50 |
51 | ## Lab 🧪
52 |
53 | ---
54 |
55 | (This will be transposed from the lab provided by Scott Champine)
56 |
57 | Step 1:
58 |
59 | Step 2:
60 |
61 | Code block:
62 |
63 | etc.
64 |
65 | > Be sure to `reboot` the lab machine from the command line when you are done.
66 |
--------------------------------------------------------------------------------
/src/unitindex.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Table of Contents
5 |
6 |
7 |
8 | | Unit | Topic |
9 | | :--: | :---------------------------------------------------------------------------------------------------: |
10 | | 1 | [Build Standards and Compliance](https://professionallinuxusersgroup.github.io/psc/u1intro.html) |
11 | | 2 | [Securing the Network Connection](https://professionallinuxusersgroup.github.io/psc/u2intro.html) |
12 | | 3 | [User Access and System Integration](https://professionallinuxusersgroup.github.io/psc/u3intro.html) |
13 | | 4 | [Bastion Hosts and Airgaps](https://professionallinuxusersgroup.github.io/psc/u4intro.html) |
14 | | 5 | [Updating Systems and Patch Cycles](https://professionallinuxusersgroup.github.io/psc/u5intro.html) |
15 | | 6 | [Monitoring and Parsing Logs](https://professionallinuxusersgroup.github.io/psc/u6intro.html) |
16 | | 7 | [Monitoring and Alerting](https://professionallinuxusersgroup.github.io/psc/u7intro.html) |
17 | | 8 | [Configuration Drift and Remediation](https://professionallinuxusersgroup.github.io/psc/u8intro.html) |
18 | | 9 | [Certificate and Key Madness](https://professionallinuxusersgroup.github.io/psc/u9intro.html) |
19 | | 10 | [Recap and Final Project](https://professionallinuxusersgroup.github.io/psc/u10intro.html) |
20 |
--------------------------------------------------------------------------------
/src/assets/downloads/u9/u9_lab.txt:
--------------------------------------------------------------------------------
1 | Unit 9 Lab – Certificates and Keys
2 |
3 | Required Materials
4 |
5 | - Putty or other connection tool
6 | - Lab Server
7 | - Root or sudo command access
8 |
9 | LAB
10 | These labs focus on Certificates and Keys in securing systems and systems communication.
11 | Certificates to secure TLS for rsyslog communication
12 |
13 | 1. Complete the lab here: https://killercoda.com/het-tanis/course/Linux-Labs/211-setting-up-rsyslog-with-tls
14 | 2. When you finish the lab, review the following items.
15 | a. https://spiffe.io/pdf/Solving-the-bottom-turtle-SPIFFE-SPIRE-Book.pdf Pages 41-48
16 | i. Does the diagram on page 44 make sense to you for what you did with a
17 | certificate authority in this lab?
18 |
19 | SSH – Public and Private key pairs
20 |
21 | 1. Complete the lab here: https://killercoda.com/het-tanis/course/Linux-Labs/212-public-private-keys-with-ssh
22 | a. What is the significance of the permission settings that you saw on the generated
23 | public and private key pairs?
24 |
25 |
26 | Digging Deeper challenge (not required for finishing lab)
27 |
28 | 1. Complete the following labs and see if they reinforce any of your understanding of certificates with
29 | the use of Kubernetes.
30 | a. https://killercoda.com/killer-shell-cks/scenario/certificate-signing-requests-sign-manually
31 | b. https://killercoda.com/killer-shell-cks/scenario/certificate-signing-requests-sign-k8s
32 | 2. Read the rest of:
33 | https://spiffe.io/pdf/Solving-the-bottom-turtle-SPIFFE-SPIRE-Book.pdf
34 | a. How does that align with your understanding of zero-trust?
35 | b. If you haven’t read about zero-trust, start here:
36 | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
37 |
--------------------------------------------------------------------------------
/src/u4intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Bastion Hosts & Air-Gaps
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Bastions and airgaps are strategies for controlling how systems connect—or don't connect—to the outside world. They focus on limiting exposure, creating strong boundaries that support a broader security design.
11 | In this unit, we look at how we can separate systems and create safe disconnects should a problem arise.
12 |
13 | ## Learning Objectives
14 |
15 | 1. Understand the role and importance of air-gapped systems.
16 | 2. Recognize how to balance strong security with operational efficiency.
17 | 3. Learn how bastion hosts can help control and limit system access.
18 | 4. Understand methods for automating the jailing and restriction of users.
19 | 5. Gain a foundational understanding of `chroot` environments and diversion techniques.
20 |
21 | ## Relevance and Context
22 |
23 | As organizations grow, protecting critical systems becomes more challenging. Air-gapped systems and bastion hosts offer proven ways to limit exposure and manage access securely. Understanding these concepts is essential for building strong security foundations without creating unnecessary barriers to operations.
24 |
25 | ## Prerequisites
26 |
27 | To be successful, students should have a working understanding of skills and tools including:
28 |
29 | 1. Basic directory navigation skills.
30 | 2. Ability to edit and manage configuration files.
31 | 3. Understanding of SystemD services and the use of the `sysctl` command.
32 | 4. Basic knowledge of Bash scripting.
33 |
34 | ## Key Terms and Definitions
35 |
36 | Air-gapped
37 |
38 | Bastion
39 |
40 | Jailed process
41 |
42 | Isolation
43 |
44 | Ingress
45 |
46 | Egress
47 |
48 | Exfiltration
49 |
50 | Cgroups
51 |
52 | Namespaces
53 |
54 | - Mount
55 | - PID
56 | - IPC
57 | - UTS
--------------------------------------------------------------------------------
/src/u5intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Repos & Patching
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Where software originates—and how and when it is updated (patched)—is essential to maintaining system stability and security. Every patch applied to a system must come from a known and trusted source, as introducing changes into a stable environment can have significant consequences. Administrators and engineers ensure that patching is planned and scheduled using verified, trackable repositories and resources.
11 |
12 | In this unit, we will examine how this process is implemented in RHEL-adjacent distributions, where administrators can apply granular control to Red Hat Package Manager (RPM) packages and maintain internal repositories of vetted packages.
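
The principle above (every package from a known, trusted, signature-verified source) can be checked mechanically against the `.repo` files dnf reads from `/etc/yum.repos.d/`. The following is an added example written for this unit, not part of the course materials or any ProLUG lab; the repository ids, URLs and key path in the embedded sample are constructed.

```python
"""Audit DNF/YUM .repo definitions for unverified package sources.

Added example for this unit, not part of the course materials. It parses the
INI-style .repo format that dnf reads and flags any repository definition that
would let unsigned or unverifiable RPMs (or unsigned metadata) onto the system.
The sample below is constructed; its repo ids, URLs and key path are hypothetical.
"""
import configparser
from typing import Dict, List

# Constructed sample: one vetted internal mirror and two weak definitions.
SAMPLE_REPO_FILE = """
[internal-baseos]
name=Internal BaseOS mirror (vetted packages)
baseurl=https://repo.internal.example/rocky/9/BaseOS/x86_64/os/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[vendor-tools]
name=Vendor tools (signature checks switched off)
baseurl=http://mirror.vendor.example/tools/el9/
enabled=1
gpgcheck=0

[legacy-extras]
name=Legacy extras (gpgcheck on but no key to check against)
baseurl=https://legacy.example/extras/el9/
enabled=0
gpgcheck=1
"""


def parse_repo_file(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .repo content into {repo_id: {option: value}} using the INI syntax dnf reads."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {section: dict(parser[section]) for section in parser.sections()}


def audit_repo(repo_id: str, cfg: Dict[str, str]) -> List[str]:
    """Return findings for one repository definition.

    A vetted repository should carry gpgcheck=1 so every RPM signature is
    verified, a gpgkey to verify it against, repo_gpgcheck=1 so the metadata
    itself is signed, and an https transport so neither can be altered in transit.
    """
    findings: List[str] = []
    if cfg.get("gpgcheck", "0") != "1":
        findings.append(f"{repo_id}: gpgcheck is not 1, unsigned RPMs would install")
    elif "gpgkey" not in cfg:
        findings.append(f"{repo_id}: gpgcheck=1 but no gpgkey, signatures cannot be verified")
    if cfg.get("repo_gpgcheck", "0") != "1":
        findings.append(f"{repo_id}: repo_gpgcheck is not 1, repository metadata is unsigned")
    for key in ("baseurl", "mirrorlist", "metalink"):
        if cfg.get(key, "").startswith("http://"):
            findings.append(f"{repo_id}: {key} uses plain http, metadata can be altered in transit")
    # A disabled repo is still a finding (it can be re-enabled with one flag), just lower priority.
    if cfg.get("enabled", "1") != "1":
        findings = [f"{f} (repo currently disabled)" for f in findings]
    return findings


def audit_repo_file(text: str) -> Dict[str, List[str]]:
    """Audit every repository in a .repo file; repos with no findings map to an empty list."""
    return {repo_id: audit_repo(repo_id, cfg) for repo_id, cfg in parse_repo_file(text).items()}


if __name__ == "__main__":
    for repo_id, findings in audit_repo_file(SAMPLE_REPO_FILE).items():
        print(f"[{'OK' if not findings else 'REVIEW'}] {repo_id}")
        for finding in findings:
            print(f"    - {finding}")
```

To run it against a real host, read each file under `/etc/yum.repos.d/` and pass its contents to `audit_repo_file`.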
13 |
14 | ## Learning Objectives
15 |
16 | 1. Understand the importance of package integrity.
17 | 2. Understand patching techniques and routines.
18 | 3. Understand automated methods of patching.
19 | 4. Understand custom internal package repositories.
20 |
21 | ## Relevance and Context
22 |
23 | For security engineers, controlling the origin and integrity of software updates is a foundational practice for minimizing attack surfaces. By managing internal repositories and applying strict control over RPM packages, organizations can enforce compliance, prevent supply chain attacks, and ensure only trusted, audited software enters production environments.
24 |
25 | ## Prerequisites
26 |
27 | To be successful, students should have a working understanding of skills and tools including:
28 |
29 | 1. Basic directory navigation skills.
30 | 2. Ability to edit and manage configuration files.
31 | 3. Basic knowledge of STIG.
32 | 4. Basic knowledge of Ansible.
33 |
34 | ## Key Terms and Definitions
35 |
36 | Patching
37 |
38 | Repos
39 |
40 | Software
41 |
42 | - EPEL
43 | - BaseOS v. Appstream (in RHEL/Rocky)
44 | - Other types you can find?
45 |
46 | httpd
47 |
48 | patching
49 |
50 | GPG Key
51 |
52 | DNF/YUM
53 |
--------------------------------------------------------------------------------
/src/u3intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 3 - User Access and System Integration
5 |
6 |
7 |
8 | ## Overview
9 |
10 | User access in larger organizations requires more sophisticated controls. For this purpose, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) have become popular choices, as they offer more sophisticated and robust ways of controlling access.
11 | In this chapter, you will learn why AD and LDAP are popular choices.
12 |
13 | ## Learning Objectives
14 |
15 | 1. Understand how LDAP or AD works and why it is beneficial.
16 | 2. Gain a high-level understanding of hardening Rocky Linux, a RHEL-adjacent distro.
17 | 3. Gain a basic understanding of PAM.
18 |
19 | ## Relevance and Context
20 |
21 | In enterprise environments, managing user identities and system access at scale is critical for security, compliance, and operational efficiency. Lightweight Directory Access Protocol (LDAP) and Active Directory (AD) provide centralized authentication, authorization, and account management capabilities that far surpass local account management methods.
22 |
23 | Understanding these systems is foundational for administrators working with Rocky Linux, a Red Hat Enterprise Linux (RHEL) derivative, especially when implementing compliance standards such as DISA STIGs or CIS Benchmarks. Mastering integration points like PAM (Pluggable Authentication Modules) and services like `sssd` allows administrators to ensure secure and scalable authentication across diverse systems.
24 |
25 | ## Prerequisites
26 |
27 | To be successful, students should have a working understanding of skills and tools including:
28 |
29 | 1. Basic directory navigation.
30 | 2. Ability to edit configuration files.
31 | 3. Basic knowledge of STIG Viewer.
32 | 4. Understanding of SystemD services and the `sysctl` command.
33 |
34 | ## Key Terms and Definitions
35 |
36 | PAM
37 |
38 | AD
39 |
40 | LDAP
41 |
42 | sssd
43 |
44 | oddjob
45 |
46 | krb5
47 |
48 | realm/realmd
49 |
50 | wheel (system group in RHEL)
51 |
52 |
--------------------------------------------------------------------------------
/src/project.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
ProLUG Security Engineering - Final Project
8 |
9 |
10 |
11 | Students wishing to complete the Security Engineering course are expected to devise
12 | and complete a capstone project, to be turned in at the end of the course.
13 |
14 | The instructions, expectations, and deliverables for the project are listed on this
15 | page.
16 |
17 | ## Instructions
18 |
19 | 1. We have picked up a new client. They are requesting we help them adhere to the HIPAA
20 | compliance standard. Review an explanation of the standard here:
21 |
22 |
23 | - If you are in the EU and want to substitute GDPR, you may do so.
24 |
25 |
26 | 2. Build the documentation for HIPAA Compliance.
27 |
28 | - How are we implementing Risk analysis and management?
29 | - What are our safeguards?
30 | 1. Administrative
31 | 2. Physical
32 | 3. Technical
33 | - How do we form Business Associate Agreements?
34 | - What are our documentation practices?
35 | 1. Policies
36 | 2. Procedures
37 | 3. Update and review cadence
38 |
39 | 3. Prepare to Present ( is a great alternative to PowerPoint)
40 |
41 | - Set up a 15-20 slide deck on what you did
42 | 1. Project purpose
43 | 2. Diagram
44 | 3. Build Process
45 | 4. What did you learn?
46 | 5. How are you going to apply this?
47 |
48 | 4. Do any of you want to present?
49 | - Let Scott know (@het_tanis) and we’ll get you a slot in the last few weeks.
50 |
51 | ## Deliverables
52 |
53 | 1. A 15-20 slide presentation of the above material that you would present to a group
54 | (presenting to us is voluntary, but definitely possible.)
55 | - This can be done with Microsoft PowerPoint, LibreOffice Impress, or
56 | [overleaf.com](https://overleaf.com).
57 |
--------------------------------------------------------------------------------
/src/assets/downloads/u9/u9_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 |
3 | Unit 9 Worksheet
4 |
5 | Instructions
6 |
7 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
8 | the end to turn them in as a final submission packet.
9 |
10 |
11 | Discussion Questions:
12 |
13 | Unit 9 Discussion Post 1: Read the Security Services section, pages 22-23 of
14 | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf and
15 | answer the following questions.
16 |
17 | 1. How do these topics align with what you already know about system security?
18 | 2. Were any of the terms or concepts new to you?
19 |
20 |
21 | Unit 9 Discussion Post 2: Review the TLS Overview section, pages 4-7 of
22 | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf and answer
23 | the following questions
24 |
25 | 1. What are the three subprotocols of TLS?
26 | 2. How does TLS apply
27 | a. Confidentiality
28 | b. Integrity
29 | c. Authentication
30 | d. Anti-replay
31 |
32 | Definitions/Terminology
33 |
34 | - TLS
35 | - Symmetric Keys
36 | - Asymmetric Keys
37 | - Non-Repudiation
38 | - Anti-Replay
39 | - Plaintext
40 | - Ciphertext
41 | - Fingerprints
42 | - Passphrase (in key generation)
43 |
44 |
45 | Notes During Lecture/Class:
46 |
47 | Links:
48 | - https://www.sans.org/information-security-policy/
49 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
50 | - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
51 | - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
52 |
53 | Terms:
54 |
55 | Useful tools:
56 | - STIG Viewer 2.18
57 | - Ansible
58 | - Killercoda
59 |
60 |
61 | Lab and Assignment
62 |
63 | Unit9-Certificates and keys - To be completed outside of lecture time.
64 |
65 |
66 | Digging Deeper
67 |
68 | 1. Finish reading about TLS in the publication and think about where you might apply it.
69 |
70 |
71 | Reflection Questions
72 |
73 | 1. What were newer topics to you, or alternatively what was a new application of
74 | something you already had heard about?
75 | 2. What questions do you still have about this week?
76 | 3. How are you going to use what you’ve learned in your current role?
77 |
78 |
--------------------------------------------------------------------------------
/src/u9lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 9 Lab - Certificate and Key Madness
5 |
6 |
7 |
8 | ## Lab 🧪
9 |
10 | These labs focus on Certificates and Keys in securing systems and systems communication.
11 |
12 | #### Downloads
13 |
14 | The lab has been provided below. The document(s) can be transposed to
15 | the desired format so long as the content is preserved. For example, the `.txt`
16 | could be transposed to a `.md` file.
17 |
18 | - 📥 u9_lab(`.txt`)
19 | - 📥 u9_lab(`.pdf`)
20 |
21 | ### Setting up Rsyslog with TLS
22 |
23 | 1. Complete the lab:
24 |
25 | ### Review Solving the Bottom Turtle
26 |
27 | 1. Review pages 41-48 of
28 | - Does the diagram on page 44 make sense to you for what you did with a certificate authority in this lab?
29 |
30 | ### SSH – Public and Private key pairs
31 |
32 | 1. Complete the lab:
33 | - What is the significance of the permission settings that you saw on the generated
34 | public and private key pairs?
35 |
36 | ## Digging Deeper challenge (not required for finishing lab)
37 |
38 | 1. Complete the following labs and see if they reinforce any of your understanding of certificates with
39 | the use of Kubernetes.
40 |
41 | -
42 | -
43 |
44 | 2. Read the rest of
45 |
46 | - How does that align with your understanding of zero-trust? If you haven't read about zero-trust, start here:
47 | -
48 |
--------------------------------------------------------------------------------
/src/u9intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 9 - Certificate and key madness
5 |
6 |
7 |
8 | ## Overview
9 |
10 | In today’s interconnected world, the integrity and security of transmitted data are paramount. As systems grow in complexity and interdependence, it’s crucial to verify the identity of those we communicate with and to protect the data in transit. Certificates and keys form the backbone of this trust. By securely exchanging and validating cryptographic keys and digital certificates, we establish a system where data can be encrypted, identities can be authenticated, and communications can be trusted.
11 |
12 | ## Learning Objectives
13 |
14 | 1. Define the purpose and function of digital certificates and cryptographic keys.
15 | 2. Understand the differences between symmetric and asymmetric encryption.
16 | 3. Learn how TLS uses certificates for secure communication.
17 | 4. Explore the process of certificate signing and validation (PKI).
18 | 5. Use tools like `openssl` to generate keys and inspect certificates.
19 |
20 | ## Prerequisites
21 |
22 | 1. Basic command line navigation and editing skills (`vi`, `cat`, `grep`)
23 | 2. Experience with editing config files using Vim
24 | 3. Familiarity with key generation (Learned in prior chapters)
25 |
26 | ## Relevance & Context
27 |
28 | Certificates and Keys ensure trust and authenticity in both human and machine interactions. Whether securing APIs, internal services, or user sessions over HTTPS, public key infrastructure (PKI) allows systems to validate each other’s identities and encrypt traffic accordingly. These concepts are foundational in implementing secure DevOps pipelines, enforcing compliance standards like HIPAA or PCI-DSS, and ensuring resilience in infrastructure. Understanding how keys are generated, used, and validated is a critical skill for system administrators, security engineers, and DevOps professionals alike.
29 |
30 | ## Key Terms & Definitions
31 |
32 | - TLS
33 | - Symmetric Keys
34 | - Asymmetric Keys
35 | - Non-Repudiation
36 | - Anti-Replay
37 | - Plaintext
38 | - Ciphertext
39 | - Fingerprints
40 | - Passphrase (in key generation)
--------------------------------------------------------------------------------
/src/u7intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Monitoring and Alerting
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Monitoring systems and alerting when issues arise are critical responsibilities for system operators. Effective observability ensures that system health, performance, and security can be continuously assessed. In this unit, we will explore how to design reliable monitoring infrastructures through sound architectural decisions. We will also examine how alerts can be tuned and moderated to minimize noise, prioritize actionable events, and ensure timely response to real issues.
11 |
12 | ## Learning Objectives
13 |
14 | 1. Understand robust monitoring architecture.
15 | 2. Understand what comprises a well architected monitoring pipeline.
16 | 3. Understand alert fatigue and how to focus on pertinent, actionable alerts.
17 | 4. Understand the trade-off between information flow and security.
18 | 5. Get hands-on with Fail2Ban, Prometheus, and Grafana.
19 |
20 | ## Relevance & Context
21 |
22 | As environments scale and threats evolve, visibility into system activity becomes vital to security assurance. Monitoring and alerting form the backbone of incident detection and response, making them essential tools for any security engineer aiming to maintain resilience without hindering operational flow.
23 |
24 | ## Prerequisites
25 |
26 | To be successful, students should have a working understanding of skills and tools including:
27 |
28 | 1. Basic directory navigation skills.
29 | 2. Ability to edit and manage configuration files.
30 | 3. Understanding of SystemD services and the use of the `sysctl` command.
31 | 4. Basic knowledge of Bash scripting.
32 |
33 | ## Key Terms and Definitions
34 |
35 | Tracing
36 |
37 | Span
38 |
39 | Label
40 |
41 | Time Series Database (TSDB)
42 |
43 | Queue
44 |
45 | Upper control limit / Lower control limit (UCL/LCL)
46 |
47 | Aggregation
48 |
49 | SLO, SLA, SLI
50 |
51 | Push v. Pull of data
52 |
53 | Alerting rules
54 |
55 | Alertmanager
56 |
57 | Alert template
58 |
59 | Routing
60 |
61 | Throttling
62 |
63 | Monitoring for defensive operations
64 |
65 | SIEM
66 |
67 | Intrusion Detection Systems - IDS
68 |
69 | Intrusion Prevention Systems - IPS
70 |
71 |
72 |
--------------------------------------------------------------------------------
/.github/workflows/mdbook.yml:
--------------------------------------------------------------------------------
1 | # Sample workflow for building and deploying a mdBook site to GitHub Pages
2 | #
3 | # To get started with mdBook see: https://rust-lang.github.io/mdBook/index.html
4 | #
5 | name: Deploy mdBook site to Pages
6 |
7 | on:
8 |   # Runs on pushes targeting the default branch
9 |   push:
10 |     branches: ["main"]
11 |
12 |   # Allows you to run this workflow manually from the Actions tab
13 |   workflow_dispatch:
14 |
15 | # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
16 | permissions:
17 |   contents: read
18 |   pages: write
19 |   id-token: write
20 |
21 | # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
22 | # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
23 | concurrency:
24 |   group: "pages"
25 |   cancel-in-progress: false
26 |
27 | jobs:
28 |   # Build job
29 |   build:
30 |     runs-on: ubuntu-latest
31 |     env:
32 |       MDBOOK_VERSION: v0.4.52
33 |
34 |       #TODO Implement Token?
35 |       # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
36 |
37 |     steps:
38 |       - uses: actions/checkout@v4
39 |         with:
40 |           submodules: recursive
41 |
42 |       - name: Dynamically generate resources.md file
43 |         run: ./mdbook-resources/scripts/generate-resources
44 |
45 |       - name: Cache mdbook binary
46 |         id: cache-mdbook
47 |         uses: actions/cache@v4
48 |         with:
49 |           path: mdbook
50 |           key: mdbook-${{ runner.os }}-${{ env.MDBOOK_VERSION }}
51 |           restore-keys: mdbook-${{ runner.os }}-
52 |
53 |       - name: Fetch mdBook binary from mdBook repository if not cached
54 |         if: steps.cache-mdbook.outputs.cache-hit != 'true'
55 |         run: ./mdbook-resources/scripts/binary-validation ${MDBOOK_VERSION}
56 |
57 |       - name: Setup Pages
58 |         id: pages
59 |         uses: actions/configure-pages@v5
60 |
61 |       - name: Build with mdBook
62 |         run: ./mdbook build
63 |
64 |       - name: Upload artifact
65 |         uses: actions/upload-pages-artifact@v3
66 |         with:
67 |           path: ./book
68 |
69 |   # Deployment job
70 |   deploy:
71 |     environment:
72 |       name: github-pages
73 |       url: ${{ steps.deployment.outputs.page_url }}
74 |     runs-on: ubuntu-latest
75 |     needs: build
76 |     steps:
77 |       - name: Deploy to GitHub Pages
78 |         id: deployment
79 |         uses: actions/deploy-pages@v4
80 |
--------------------------------------------------------------------------------
/src/assets/downloads/u5/u5_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 | Unit 5 Worksheet
3 |
4 | Instructions
5 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
6 | the end to turn them in as a final submission packet.
7 |
8 | Discussion Questions:
9 |
10 | Unit 5 Discussion Post 1: Review the Rocky documentation on Software management in
11 | Linux. https://docs.rockylinux.org/books/admin_guide/13-softwares/
12 |
13 | 1. What do you already understand about the process?
14 | 2. What new things did you learn or pick up?
15 | 3. What are the DNF plugins?
16 | a. What is the use of the versionlock plugin?
17 | 4. What is an EPEL?
18 | a. Why do you need to consider this when using one?
19 |
20 |
21 | Unit 5 Discussion Post 2: Do a Google search for "patching enterprise Linux" and try to
22 | wade through all of the noise.
23 |
24 | 1. What blogs (or AI) do you find that enumerate a list of steps or checklists to
25 | consider?
26 | 2. After looking at that, how does patching a fleet of systems in the enterprise differ
27 | from pushing "update now" on your local desktop?
28 | a. What seems to be the major considerations?
29 | b. What seems to be the major roadblocks?
30 |
31 |
32 | Definitions/Terminology
33 | - Patching
34 | - Repos
35 | - Software
36 | - EPEL
37 | - BaseOS v. Appstream (in RHEL/Rocky)
38 | - Other types you can find?
39 | - httpd
40 | - patching
41 | - GPG Key
42 | - DNF/YUM
43 |
44 |
45 | Notes During Lecture/Class:
46 |
47 | Links:
48 | - https://wiki.rockylinux.org/rocky/repo/
49 | - https://www.sans.org/information-security-policy/
50 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
51 | - https://public.cyber.mil/stigs/downloads/
52 |
53 | Terms:
54 |
55 | Useful tools:
56 | - STIG Viewer 2.18
57 | - SCC Tool (version varies by type of scan)
58 | - OpenScap
59 |
60 | Lab and Assignment
61 | Unit5_Repos_and_Patching - To be completed outside of lecture time.
62 |
63 |
64 | Digging Deeper
65 | 1. After completing the lab and worksheet, draw out how you would deploy a software repository into your system.
66 | a. How are you going to update it?
67 | b. What tools do you find that are useful in this space?
68 |
69 | Reflection Questions
70 | 1. Why is it that repos are controlled by root/admin functions and not any user, developer, or manager?
71 | 2. What questions do you still have about this week?
72 | 3. How are you going to use what you've learned in your current role?
73 |
74 |
--------------------------------------------------------------------------------
/src/assets/downloads/u1/u1_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering Unit 1 Worksheet
2 |
3 |
4 | Instructions
5 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until the end to turn them in as a final submission packet.
6 |
7 |
8 | Discussion Questions:
9 | Unit 2 Discussion Post 1: The first question of this course is, "What is Security?"
10 | 1. Describe the CIA Triad.
11 | 2. What is the relationship between Authority, Will, and Force as they relate to security?
12 | 3. What are the types of controls and how do they relate to the above question?
13 |
14 |
15 | Unit 2 Discussion Post 2: Find a STIG or compliance requirement that you do not agree is necessary for a server or service build.
16 |
17 |
18 | 1. What is the STIG or compliance requirement trying to do?
19 |
20 |
21 | 2. What category and type of control is it?
22 |
23 |
24 | 3. Defend why you think it is not necessary. (What type of defenses do you think you could present?)
25 |
26 |
27 | Definitions/Terminology
28 |
29 |
30 | CIA Triad:
31 | Regulatory Compliance:
32 | HIPAA:
33 | Industry Standards:
34 | PCI/DSS:
35 | Security Frameworks:
36 | CIS:
37 | STIG:
38 | Notes During Lecture/Class:
39 | Links:
40 | - https://public.cyber.mil/stigs/downloads
41 | - https://excalidraw.com
42 | - https://www.open-scap.org
43 | - https://www.sans.org/information-security-policy
44 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets
45 |
46 |
47 |
48 |
49 | Terms:
50 |
51 |
52 |
53 |
54 | Useful tools:
55 | * STIG Viewer 2.18
56 | * SCC Tool (version varies by type of scan)
57 | * OpenScap
58 |
59 |
60 |
61 |
62 |
63 |
64 | Lab and Assignment
65 | Unit1_Build_Standards_and_Compliance - To be completed outside of lecture
66 | time.
67 |
68 |
69 | Digging Deeper
70 | 1. Research a risk management framework. https://csrc.nist.gov/projects/risk-management/about-rmf
71 | - What are the areas of concern for risk management?
72 |
73 |
74 | 2. Research the difference between quantitative and qualitative risks.
75 | - Why might you use one or the other?
76 |
77 |
78 | 3. Research ALE, SLE, and ARO.
79 | - What are these terms in relation to?
80 | - How do these help in the risk discussion?
81 |
82 |
83 | Reflection Questions
84 |
85 |
86 | 1. What questions do you still have about this week?
87 |
88 |
89 |
90 |
91 | 2. How are you going to use what you've learned in your current role?
--------------------------------------------------------------------------------
/src/assets/downloads/u1/u1_lab.docx.txt:
--------------------------------------------------------------------------------
1 | Unit 1 Lab - Build Standards and Compliance
2 |
3 | Required Materials
4 |
5 | Putty or other connection tool
  | Lab Server
6 | Root or sudo command access
7 | STIG Viewer 2.18 (download from https://public.cyber.mil/stigs/downloads/ )
8 |
9 | EXERCISES (Warmup to quickly run through your system and familiarize yourself)
10 |
11 | 1. mount | grep -i noexec
12 | 2. mount | grep -i nodev
13 | 3. mount | grep -i nosuid
14 |    1. Approximately how many of your mounted filesystems have each of these values?
15 | 4. sysctl -a | grep -i ipv4
16 | 5. sysctl -a | grep -i ipv6
17 |    1. How many of each are there?
18 | 6. sysctl -a | grep -i ipv4 | grep -i forward
19 |    1. Does IPv4 forward on interfaces?
20 | 7. lsmod | grep -i tables
21 |    1. What type of tables exist?
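
As an added example (not part of the lab document or the ProLUG course materials), the warm-up checks above as a reusable shell script: each check is a function that reads command output on stdin, so it can be run against the live lab server (`--live`, the script's own switch) or against captured output; the mount, sysctl and lsmod samples embedded in it are constructed, not taken from the lab machine. It also shows why inspecting the mount option list is more reliable than `grep -i noexec` over the whole mount line.

```shell
#!/usr/bin/env bash
# Added example (not part of the ProLUG lab): repeatable versions of the
# Unit 1 warm-up checks.  Each function reads command output on stdin, so it
# can be run against a live host or against output captured elsewhere.

# Count mounted filesystems whose OPTION LIST contains the given flag.
# `mount | grep -i noexec` also matches a mount point or device whose path
# contains the word, so only the trailing "(...)" field is inspected here.
count_mount_opt() {
    awk -v opt="$1" '
        match($0, /\([^)]*\)$/) {
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            for (i = 1; i <= n; i++)
                if (tolower(f[i]) == tolower(opt)) { c++; break }
        }
        END { print c + 0 }'
}

# Count sysctl keys under net.<family>. (family is "ipv4" or "ipv6").
count_sysctl_family() {
    grep -c "^net\.$1\." || true
}

# List interfaces with net.ipv4.conf.<if>.forwarding = 1; the "all" and
# "default" pseudo-interfaces are left out (see ipv4_forward_global).
forwarding_interfaces() {
    awk -F'[. =]+' '$1 == "net" && $2 == "ipv4" && $3 == "conf" &&
                    $5 == "forwarding" && $6 == "1" &&
                    $4 != "all" && $4 != "default" { print $4 }'
}

# Print the value of net.ipv4.ip_forward (0 or 1).
ipv4_forward_global() {
    awk -F' *= *' '$1 == "net.ipv4.ip_forward" { print $2 }'
}

# List loaded kernel modules whose name contains "table" (nf_tables,
# ip_tables, x_tables, ...), skipping the lsmod header line.
netfilter_tables() {
    awk 'NR > 1 && tolower($1) ~ /table/ { print $1 }'
}

# Print the warm-up answers from captured mount, sysctl -a and lsmod output.
report() {
    local mounts="$1" sysctls="$2" modules="$3" opt
    for opt in noexec nodev nosuid; do
        printf 'mounts with %-6s : %s\n' "$opt" \
            "$(printf '%s\n' "$mounts" | count_mount_opt "$opt")"
    done
    printf 'ipv4 sysctl keys    : %s\n' "$(printf '%s\n' "$sysctls" | count_sysctl_family ipv4)"
    printf 'ipv6 sysctl keys    : %s\n' "$(printf '%s\n' "$sysctls" | count_sysctl_family ipv6)"
    printf 'net.ipv4.ip_forward : %s\n' "$(printf '%s\n' "$sysctls" | ipv4_forward_global)"
    printf 'forwarding ifaces   : %s\n' "$(printf '%s\n' "$sysctls" | forwarding_interfaces | paste -sd, -)"
    printf 'table modules       : %s\n' "$(printf '%s\n' "$modules" | netfilter_tables | paste -sd, -)"
}

# Constructed sample output, modelled on a Rocky Linux host (not captured
# from the lab server).  The last mount has "noexec" in its path but not in
# its options, which a plain grep would miscount.
SAMPLE_MOUNT='sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
/dev/mapper/rl-root on / type xfs (rw,relatime,seclabel,attr2,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
/dev/sda1 on /boot type xfs (rw,relatime,seclabel)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/sdb1 on /srv/noexec-data type xfs (rw,relatime,seclabel)'

SAMPLE_SYSCTL='net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.forwarding = 0
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.eth0.accept_ra = 1'

SAMPLE_LSMOD='Module                  Size  Used by
nft_compat             20480  0
nf_tables             262144  1 nft_compat
ip_tables              32768  0
x_tables               53248  2 nft_compat,ip_tables
xfs                  1982464  2'

if [ "${1:-}" = "--live" ]; then
    # Run the same checks against this host (mount, sysctl and lsmod needed).
    report "$(mount)" "$(sysctl -a 2>/dev/null)" "$(lsmod)"
else
    report "$SAMPLE_MOUNT" "$SAMPLE_SYSCTL" "$SAMPLE_LSMOD"
fi
```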
22 |
23 | PreLAB
24 |
25 | Download the STIG Viewer 2.18 from - https://public.cyber.mil/stigs/downloads/
26 | Download the STIG for MariaDB and import it into your STIG Viewer.
27 |
28 | LAB
29 |
30 | This lab is designed to have the engineer practice securing a Linux server or service against a set of configuration standards. These standards are sometimes called benchmarks, checklists, or guidelines. The engineer will be using STIG Viewer 2.18 to complete this lab.
31 |
32 | MariaDB Service configuration:
33 |
34 | 1. Connect to a hammer server
35 | 2. Install MariaDB
36 |    1. dnf install mariadb-server
37 | 3. Ensure that it is running
38 |    1. systemctl start mariadb
39 |    2. systemctl status mariadb
40 |    3. ss -ntulp | grep 3306
41 | 4. Check and remediate v-253666 STIG
42 |    1. What is the problem?
43 |    2. What is the fix?
44 |    3. What type of control is being implemented?
45 |    4. Is it set properly on your system?
46 |    5. Connect to mariadb locally
47 |       1. mysql
48 |       2. SELECT user, max_user_connections FROM mysql.user;
49 |       3. Can you remediate this finding?
50 | 5. Check and remediate v-253677 STIG
51 |    1. What is the problem?
52 |    2. What is the fix?
53 |    3. What type of control is being implemented?
54 |    4. Is it set properly on your system?
55 | 6. Check and remediate v-253678 STIG
56 |    1. What is the problem?
57 |    2. What is the fix?
58 |    3. What type of control is being implemented?
59 |    4. Is it set properly on your system?
60 | 7. Check and remediate v-253734 STIG
61 |    1. What is the problem?
62 |    2. What is the fix?
63 |    3. What type of control is being implemented?
64 |    4. Is it set properly on your system?
--------------------------------------------------------------------------------
/src/assets/downloads/u2/u2_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering Unit 2 Worksheet
2 |
3 |
4 | Instructions
5 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until the end to turn them in as a final submission packet.
6 |
7 |
8 | Discussion Questions:
9 |
10 | Unit 2 Discussion Post 1:
11 | There are 401 STIGs for RHEL 9. If you filter in your STIG Viewer for sysctl there are 33 (mostly network focused); for ssh, 39; and for network, 58. There is some overlap between those, but review them and answer these questions:
12 | 1. As systems engineers why are we focused on protecting the network portion of our server builds?
13 | 2. Why is it important to understand all the possible ingress points to our servers that exist?
14 | a. Why is it so important to understand the behaviors of processes that are connecting on those ingress points?
15 |
16 |
17 | Unit 2 Discussion Post 2:
18 | Read this: https://ciq.com/blog/demystifying-and-troubleshooting-name-resolution-in-rocky-linux/
19 | or similar blogs on DNS and host file configurations.
20 | 1. What is the significance of the nsswitch.conf file?
21 | 2. What are security problems associated with DNS and common exploits? (May have to look into some more blogs or posts for this)
22 |
23 |
24 | Definitions/Terminology
25 |
26 | sysctl
27 | nsswitch.conf
28 | DNS
29 | Openscap
30 | CIS Benchmarks
31 | ss/netstat
32 | tcpdump
33 | ngrep
34 |
35 | Notes During Lecture/Class:
36 |
37 | Links:
38 | * https://www.sans.org/information-security-policy/
39 | * https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
40 | * https://docs.rockylinux.org/gemstones/core/view_kernel_conf/
41 | * https://ciq.com/blog/demystifying-and-troubleshooting-name-resolution-in-rocky-linux/
42 | * https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf
43 |
44 |
45 | Terms:
46 |
47 |
48 | Useful tools:
49 | * STIG Viewer 2.18
50 | * SCC Tool (version varies by type of scan)
51 | * OpenScap
52 |
53 |
54 | Lab and Assignment
55 | Unit2_Network_Standards_and_Compliance - To be completed outside of lecture
56 | time.
57 |
58 | Digging Deeper
59 | 1. See if you can find any DNS exploits that have been used and written up in the diamond model of intrusion analysis format. If you can, what are the primary actors and actions that made up the attack?
60 |
61 |
62 | Reflection Questions
63 | 1. What questions do you still have about this week?
64 |
65 |
66 | 2. How are you going to use what you've learned in your current role?
--------------------------------------------------------------------------------
/src/assets/downloads/u8/u8_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 |
3 | Unit 8 Worksheet
4 |
5 | Instructions
6 |
7 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
8 | the end to turn them in as a final submission packet.
9 |
10 |
11 | Discussion Questions:
12 |
13 | Unit 8 Discussion Post 1:
14 | Read about configuration management here:
15 | https://en.wikipedia.org/wiki/Configuration_management
16 | a. What overlap of terms and concepts do you see from this week’s meeting?
17 | b. What are some of the standards and guidelines organizations involved with
18 | configuration management?
19 | i. Do you recognize them from other IT activities?
20 |
21 | Unit 8 Discussion Post 2:
22 | Review the SRE guide to treating configurations as code. Read as
23 | much as you like, but focus down on the “Practical Advice” section:
24 | https://google.github.io/building-secure-and-reliable-systems/raw/ch14.html#treat_configuration_as_code
26 | a. What are the best practices that you can use in your configuration management adherence?
27 | b. What are the security threats and how can you mitigate them?
28 | c. Why might it be good to know this as you design a CMDB or CI/CD pipeline?
29 |
30 | Definitions/Terminology
31 |
32 | - System Lifecycle
33 | - Configuration Drift
34 | - Change management activities
35 | - CMDB
36 | - CI
37 | - Baseline
38 | - Build book
39 | - Run book
40 | - Hashing
41 | - md5sum
42 | - shasum
43 | - IaC
44 | - Orchestration
45 | - Automation
46 | - AIDE
47 |
48 | Notes During Lecture/Class:
49 |
50 | Links:
51 | - https://google.github.io/building-secure-and-reliable-systems/raw/ch14.html#treat_configuration_as_code
52 | - https://en.wikipedia.org/wiki/Configuration_management
53 | - https://www.sans.org/information-security-policy/
54 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
55 |
56 | Terms:
57 |
58 | Useful tools:
59 | - STIG Viewer 2.18
60 | - Ansible
61 | - Killercoda
62 |
63 | Lab and Assignment
64 | Unit8-Configuration-drift-remediation - To be completed outside of lecture time.
65 |
66 | Digging Deeper
67 |
68 | 1. Review more of the SRE books from Google: https://sre.google/books/ to try to find
69 | more useful change management practices and policies.
70 |
71 |
72 | Reflection Questions
73 |
74 | 1. How does the idea of control play into configuration management? Why is it so
75 | important?
76 |
77 | 2. What questions do you still have about this week?
78 |
79 | 3. How are you going to use what you’ve learned in your current role?
80 |
--------------------------------------------------------------------------------
/src/u2intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 2 - Securing the Network Connection
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Understanding and implementing network standards and compliance measures is what makes critically important security controls effective in practice.
11 |
12 | This unit introduces foundational knowledge on analyzing, configuring, and hardening networking components using tools and frameworks like STIGs, OpenSCAP, and DNS configurations.
13 |
14 | ## Learning Objectives
15 |
16 | By the end of Unit 2 students will have foundational knowledge and skills of
17 | the concepts below:
18 |
19 | 1. Identifying and analyzing STIGs related to Linux networking.
20 | 2. Understanding and configuring secure name resolution using nsswitch.conf and DNS.
21 | 3. Utilizing tools like tcpdump, ngrep, ss, and netstat to monitor network behavior.
22 | 4. Applying OpenSCAP and SCC tools for network compliance assessments.
23 | 5. Exploring known network-based exploits and understanding their anatomy via the Diamond Model of Intrusion Analysis.
24 |
25 | ## Relevance and Context
26 |
27 | Networks represent one of the most common attack vectors in enterprise systems. Misconfigured name
28 | resolution, open ports, and insecure protocols are all doorways to intrusion. As system engineers,
29 | building resilient systems requires a deep understanding of how data flows through these pathways
30 | and what tools can monitor and secure them.
31 |
32 | By learning to assess and remediate network-related STIGs and implementing structured standards,
33 | students will gain the skills to reduce ingress risk and respond effectively to threats. These skills
34 | are not only crucial for compliance but also for real-world defense.
35 |
36 | ## Prerequisites
37 |
38 | To be successful, students should have a working understanding of skills and tools including:
39 |
40 | 1. The Command Line Interface and BASH shell skills
41 | 2. Installing and Updating Linux System Packages
42 | 3. Network concepts including TCP/IP, DNS, and more
43 | 4. Interacting with command line tools such as: `sysctl`, `firewalld`, `grep`, and `oscap`
44 | 5. Ability to edit files with `vim`
45 | 6. Students will need to download the latest STIG viewer, v2.18
46 |
47 | ## Key Terms and Definitions
48 |
49 | sysctl
50 | nsswitch.conf
51 | DNS
52 | Openscap
53 | CIS Benchmarks
54 | ss/netstat
55 | tcpdump
56 | ngrep
57 |
--------------------------------------------------------------------------------
/src/u10intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 10 - Recap and Final Project
5 |
6 |
7 |
8 | ## Overview
9 |
10 | This final unit serves as a reflection point for the course, providing students the
11 | opportunity to step back, assess what they've learned, and think deeply about how
12 | these skills apply to real-world systems and career goals.
13 |
14 | Unit 10 is less about introducing new tools or frameworks and more about
15 | consolidating your knowledge into a cohesive security engineering mindset. Whether
16 | through discussion posts, project finalization, or self-assessment, this unit is
17 | designed to help you articulate your growth and prepare to present yourself as a
18 | capable security professional.
19 |
20 | ## Learning Objectives
21 |
22 | 1. Reflect on key topics covered throughout the course and identify strengths and weaknesses.
23 | 2. Practice articulating technical security concepts and processes in your own words.
24 | 3. Prepare for technical interviews or resume reviews through self-explanation of security workflows.
25 | 4. Finalize and polish your capstone project deliverables.
26 | 5. Connect course topics to real industry expectations in security engineering.
27 |
28 | ## Relevance & Context
29 |
30 | Cybersecurity isn't about memorizing tools -- it's about learning how to think like both
31 | a defender and an attacker. By this point in the course, you've explored threat modeling,
32 | auditing, configuration management, logging, and more. This unit challenges you to connect the dots.
33 |
34 | Real-world roles demand not just technical skills, but also the ability to
35 | communicate your reasoning, defend your design decisions, and think critically under
36 | pressure.
37 |
38 | Reflection helps you distill your experience into something actionable and
39 | transferable -- whether you're applying for jobs, building infrastructure, or
40 | consulting on hardening strategies. It can also help you determine where your weak
41 | points are and what you need to spend more time on learning.
42 |
43 | ## Prerequisites
44 |
45 | To make the most of this unit, students should:
46 |
47 | 1. Have completed or attempted all prior labs and worksheets.
48 | 2. Be comfortable referencing course topics such as logging, STIGs, monitoring, automation, and baselining.
49 | 3. Be prepared to synthesize and summarize technical content in their own words.
50 | 4. Have begun (or be close to completing) their final project documentation and diagrams.
51 |
52 | ## Key Terms and Definitions
53 |
54 | This unit's terms and definitions are to be drawn from the lesson or recording.
55 |
56 | As you watch the recording, take note of terms you're not familiar with and take the
57 | time to research them.
58 |
--------------------------------------------------------------------------------
/src/assets/downloads/u3/u3_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 | Unit 3 Worksheet
3 |
4 | Instructions
5 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
6 | the end to turn them in as a final submission packet.
7 |
8 | Discussion Questions:
9 |
10 | Unit 3 Discussion Post 1: There are 16 STIGs that involve PAM for RHEL 9. Read the guide
11 | from Rocky Linux here: https://docs.rockylinux.org/guides/security/pam/
12 | 1. What are the mechanisms and how do they affect PAM functionality?
13 | a. Review /etc/pam.d/sshd on a Linux system, what is happening in that file
14 | relative to these functionalities?
15 |
16 | 2. What are the common PAM modules?
17 | a. Review /etc/pam.d/sshd on a Linux system, what is happening in that file
18 | relative to these functionalities?
19 |
20 | 3. Look for a blog post or article about PAM that discusses real world application. Post
21 | it here and give us a quick synopsis. (Bonus arbitrary points if you find one of our
22 | ProLUG members blogs on the subject.)
23 |
24 | Unit 3 Discussion Post 2: Read about active directory (or LDAP) configurations of Linux via
25 | sssd here:
26 | https://docs.rockylinux.org/guides/security/authentication/active_directory_authentication/
27 | 1. Why do we not want to just use local authentication in Linux? Or really any system?
28 | 2. There are 4 SSSD STIGs.
29 | a. What are they?
30 | b. What do they seek to do with the system?
31 |
32 | Definitions/Terminology
33 |
34 | PAM
35 |
36 | AD
37 |
38 | LDAP
39 |
40 | sssd
41 |
42 | oddjob
43 |
44 | krb5
45 |
46 | realm/realmd
47 |
48 | wheel (system group in RHEL)
49 |
50 | Notes During Lecture/Class:
51 |
52 | Links:
53 | - https://www.sans.org/information-security-policy/
54 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
55 | - https://docs.rockylinux.org/guides/security/pam/
56 | - https://docs.rockylinux.org/guides/security/authentication/active_directory_authentication/
57 | - https://docs.rockylinux.org/books/admin_guide/06-users/
58 |
59 | Terms:
60 | Useful tools:
61 | - STIG Viewer 2.18
62 | - SCC Tool (version varies by type of scan)
63 | - OpenScap
64 | Lab and Assignment
65 | Unit3_Identity_and_Access_Management - To be completed outside of lecture time.
66 | Digging Deeper
67 |
68 | 1. How does /etc/security/access.conf come into play with pam_access? Read up on it
69 | here: https://man7.org/linux/man-pages/man8/pam_access.8.html
70 | a. Can you find any other good resources?
71 | b. What is the structure of the access.conf file directives?
72 | 2. What other important user access or user management information do you learn by
73 | reading this? https://docs.rockylinux.org/books/admin_guide/06-users/
74 | a. What is the contents of the /etc/login.defs file? Why do you care?
75 |
76 | Reflection Questions
77 |
78 | 1. What questions do you still have about this week?
79 | 2. How are you going to use what you've learned in your current role?
80 |
--------------------------------------------------------------------------------
/src/assets/downloads/u4/u4_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 |
3 | Unit 4 Worksheet
4 |
5 | Instructions
6 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
7 | the end to turn them in as a final submission packet.
8 |
9 | Discussion Questions:
10 |
11 | Unit 4 Discussion Post 1: Review some of the blogs here:
12 | https://aws.amazon.com/search/?searchQuery=air+gapped#facet_type=blogs&page=1
13 | https://aws.amazon.com/blogs/security/tag/bastion-host/ or that you find on your own
14 | about air-gapped systems.
15 | 1. What seems to be the theme of air-gapped systems?
16 | 2. What seems to be their purpose?
17 | 3. If you use Google, or an AI, what are some of the common themes that come up
18 | when asked about air-gapped or bastion systems?
19 |
20 | Unit 4 Discussion Post 2: Do a Google or AI search of topics around jailing a user or
21 | processes in Linux.
22 | 1. Can you enumerate the methods of jailing users?
23 | 2. Can you think of when you've been jailed as a Linux user? If not, can you think of the useful ways to use a jail?
24 |
25 | Definitions/Terminology
26 |
27 | Air-gapped
28 |
29 | Bastion
30 |
31 | Jailed process
32 |
33 | Isolation
34 |
35 | Ingress
36 |
37 | Egress
38 |
39 | Exfiltration
40 |
41 | Cgroups
42 |
43 | Namespaces
44 | - Mount
45 | - PID
46 | - IPC
47 | - UTS
48 |
49 | Notes During Lecture/Class:
50 | Links:
51 | - https://www.sans.org/information-security-policy/
52 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
53 | -
54 | Terms:
55 | Useful tools:
56 | - STIG Viewer 2.18
57 | - SCC Tool (version varies by type of scan)
58 | - OpenScap
59 |
60 |
61 | Digging Deeper
62 |
63 | 1. While this isn't, strictly speaking, an automation course there is some value in
64 | looking at automation of the bastion deployments. Check out this ansible code:
65 | https://github.com/het-tanis/stream_setup/blob/master/roles/bastion_deploy/tasks/main.yml
67 | a. Does the setup make sense to you with our deployment?
68 | b. What can improve and make this better?
69 |
70 | 2. Find a blog or github where someone else deploys a bastion. Compare it to our
71 | process.
72 |
73 | 3. Knowing what you now know about bastions, jails, and air-gapped systems, reflect
74 | on the first 3 weeks and all the STIGs you've reviewed and touched. Do any of them
75 | seem moot, or less necessary if applied in an air-gapped environment?
76 | a. Does your answer change if you read about Zero Trust and know how much of
77 | a hot topic that is in the security world now?
78 | i. Why or why not?
79 |
80 | 4. Think of a Linux system where you would like to deploy a bastion (If you cannot think
81 | of one, use ProLUG Lab). Draw out how you think the system works in
82 | excalidraw.com.
83 |
84 | Reflection Questions
85 | 1. Does it matter if the user knows that they are jailed? Why or why not?
86 | 2. What questions do you still have about this week?
87 | 3. How are you going to use what you've learned in your current role?
88 |
--------------------------------------------------------------------------------
/src/certify.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Qualifying for the Certification
5 |
6 |
7 |
8 | ---
9 |
10 | Each course run through the Professional Linux Users Group (ProLUG) allows you to earn
11 | a certification upon completion.
12 |
13 | Certificates are awarded to those who complete the course within the timeframe that
14 | it is being run through the ProLUG Discord.
15 |
16 | - To see when courses are running, join the ProLUG Discord server and check the
17 | Events section.
18 |
19 | If you aim to earn the certification for completing this course, you must follow the
20 | guidelines set forth in this document.
21 |
22 | There are four main components to earning the certification.
23 |
24 | 1. [Worksheet Completion](#worksheet-completion)
25 |
26 | 2. [Discussion Questions](#discussion-questions)
27 |
28 | 3. [Lab Completion](#lab-completion)
29 |
30 | 4. [Final Project](#final-project)
31 |
32 | ## Worksheet Completion
33 |
34 | ---
35 |
36 | Each unit has a corresponding worksheet.
37 | On this worksheet are discussion questions, terms/definitions, **optional** "digging
38 | deeper" sections, and reflection questions.
39 |
40 | These worksheets must be filled out and kept until the end of the course.
41 | Upon reaching the end, they are to be submitted to the instructor (Scott Champine).
42 |
43 | ### Worksheet Submission Format
44 |
45 | ---
46 |
47 | The format in which you submit these worksheets is up to you.
48 |
49 | Some students prefer to keep them in a GitHub repository, others prefer to just keep
50 | them as files on their machines and submit via email.
51 |
52 | ## Discussion Questions
53 |
54 | ---
55 |
56 | Each unit's worksheet contains multiple discussion questions.
57 | Each discussion question has its own thread in the ProLUG Discord server, in the
58 | `#course-discussion-posts` forum channel.
59 |
60 | To qualify for certification, you must:
61 |
62 | - Post your answer to each discussion question in the correct thread.
63 | - Respond to another student's answer in the same thread.
64 |
65 | The goal of this is not to create busywork, but to spark discussions and see things
66 | from other points of view.
67 |
68 | ## Lab Completion
69 |
70 | ---
71 |
72 | Each unit has a lab that is to be completed.
73 |
74 | The labs, like the worksheets, should also be completed and saved until the end of
75 | the course.
76 |
77 | These labs should be submitted to the instructor along with the worksheets, in the format of your choice.
78 |
79 | ## Final Project
80 |
81 | ---
82 |
83 | Each ProLUG course has students complete a capstone project.
84 |
85 | This is a requirement for earning a ProLUG course certification.
86 |
87 | The project must meet the standards set forth in the Final Project Outline (or
88 | otherwise be approved by the instructor, Scott Champine).
89 |
--------------------------------------------------------------------------------
/src/u6intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 6 - Monitoring and Parsing Logs
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Monitoring and parsing logs is one of the most essential security engineering
11 | practices in any production environment.
12 |
13 | This unit explores how logs are generated, formatted, collected, and analyzed across
14 | various layers of the infrastructure stack, from applications to operating systems
15 | to networks.
16 |
17 | Students will gain an operational understanding of how to identify log sources, use
18 | modern tools for log aggregation and search (such as Loki), and develop awareness of
19 | log structure, integrity, and retention requirements.
20 |
21 | ## Learning Objectives
22 |
23 | By the end of Unit 6, students will:
24 |
25 | 1. Understand the different types of logs and their role in system and security monitoring.
26 | 2. Identify log structures (e.g., RFC 3164, RFC 5424, `journald`) and apply
27 | appropriate parsing techniques.
28 | 3. Explore and configure log aggregation pipelines using modern tools like Grafana Loki.
29 | 4. Analyze real-world security events using log data and query languages.
30 | 5. Learn how log immutability and integrity contribute to reliable forensics and compliance.
31 |
32 | ## Relevance & Context
33 |
34 | Logs are often the first and best source of truth when diagnosing an incident,
35 | auditing a system, or responding to a breach.
36 | Without well-structured, searchable, and preserved logs, response teams are blind to
37 | what actually happened.
38 |
39 | This unit trains students to think like operators and defenders -- ensuring logs are
40 | complete, available, immutable, and actionable.
41 |
42 | It builds directly on previous units around compliance and auditing, preparing
43 | learners to create scalable observability strategies that support both security and
44 | performance goals.
45 |
46 | ## Prerequisites
47 |
48 | Before beginning Unit 6, students should:
49 |
50 | 1. Be comfortable working at the command line using `journalctl`, `grep`, `less`, and
51 | related tools.
52 | 2. Understand system service management with `systemctl`.
53 | 3. Have basic familiarity with syslog, log rotation, and the concept of standard
54 | input/output streams.
55 | 4. Be able to interact with YAML and JSON-formatted configuration files.
56 | 5. Have installed or downloaded STIG Viewer 2.18 for compliance reference.
57 |
58 | ## Key Terms and Definitions
59 |
60 | Types of Logs
61 | - Application Logs
62 | - Host Logs
63 | - Network Logs
64 | - Database Logs
65 |
66 | Log Structure
67 |
68 | - RFC 3164 BSD Syslog
69 | - RFC 5424 IETF Syslog
70 | - Systemd Journal
71 |
72 | Log Rotation
73 |
74 | Log Aggregation
75 |
76 | - ELK Stack
77 | - Splunk
78 | - Loki
79 | - Graylog
80 |
81 | SIEM (Security Information and Event Management)
82 |
--------------------------------------------------------------------------------
/src/u7lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 7 Lab - Monitoring and Alerting
5 |
6 |
7 |
8 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
9 | > the machine from the command line so that other students will have the intended environment.
10 |
11 | ### Required Materials
12 |
13 | Putty or other connection tool
   |
   | Lab Server
14 |
15 | Root or sudo command access
16 |
17 | STIG Viewer 2.18 (download from )
18 |
19 | #### Downloads
20 |
21 | The lab has been provided below. The document(s) can be transposed to
22 | the desired format so long as the content is preserved. For example, the `.txt`
23 | could be transposed to a `.md` file.
24 |
25 | - 📥 u7_lab(`.txt`)
26 | - 📥 u7_lab(`.pdf`)
27 |
28 | ## Lab 🧪
29 |
30 | These labs focus on pulling metric information and then visualizing that data quickly on dashboards for real time analysis.
31 |
32 | ### Monitoring Jails with Fail2ban logs
33 |
34 |
35 |
36 | 1. Complete the lab:
37 |
38 | - Were you able to see the IP address that was banned and unban it?
39 |
40 | - Were you able to see all the NOTICE events in Grafana?
41 |
42 | - What other questions do you have about this lab, and how might you go figure them
43 | out?
44 |
45 | ### Monitoring Jails with Fail2ban and telemetry data
46 |
47 |
48 |
49 | 1. Complete the lab here:
50 |
51 | - Do you see `fail2ban` in the Grafana Dashboard? If not, how are you going to
52 | troubleshoot it?
53 |
54 | - Did you get your test alert and then real alert to trigger into the Discord channel?
55 |
56 | - What other applications or uses for this could you think of? Do you have other
57 | places you could send alerts that would help you professionally?
58 |
59 | ## Digging Deeper challenge (not required for finishing lab)
60 |
61 | 1. Review the alert manager documentation:
62 |
63 |
64 | - What are all the types of receivers you see?
65 |
66 | - Which of the receivers do you have experience with?
67 |
68 | 2. Review the Grafana alert thresholds:
69 |
70 |
71 | - Can you modify one of the thresholds from the lab to trigger into the discord?
72 |
73 | - What is the relationship between critical and warning by default?
74 |
75 | > Be sure to `reboot` the lab machine from the command line when you are done.
76 |
--------------------------------------------------------------------------------
/ref/uws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
PLACEHOLDER: Unit N - Unit Title
5 |
6 |
7 |
8 | (However, these are not hard-and-fast templates; as long as the style is maintained
9 | there is a degree of freedom. We are using `prettier` for formatting.)
10 |
11 | ## Instructions
12 |
13 | ---
14 |
15 | Fill out the worksheet as you progress through the lab and discussions.
16 | Hold your worksheets until the end to turn them in as a final submission packet.
17 |
18 | ### Resources / Important Links
19 |
20 | - [PLACEHOLDER]()
21 | - [PLACEHOLDER]()
22 | - [PLACEHOLDER]()
23 |
24 | #### Downloads
25 |
26 | The worksheet has been provided below. The document(s) can be transposed to
27 | the desired format so long as the content is preserved. For example, the `.txt`
28 | could be transposed to a `.md` file.
29 |
30 | - 📥 u_worksheet(`.txt`)
31 | - 📥 u_worksheet(`.docx`)
32 |
33 | ### Unit N Recording
34 |
35 |
45 |
46 | #### Discussion Post #1
47 |
48 | 1. PLACEHOLDER - Questions will be in ordered lists.
49 |
50 | 2. PLACEHOLDER - Questions will be in ordered lists.
51 |
52 | #### Discussion Post #2
53 |
54 | > PLACEHOLDER - Scenarios go inside block quotes.
55 |
56 | 1. PLACEHOLDER - Questions will be in ordered lists.
57 |
58 | 2. PLACEHOLDER - Questions will be in ordered lists.
59 |
60 |
61 |
62 | Submit your input by following the link below:
63 |
64 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
65 |
66 |
67 |
68 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1098309490681598072)
69 |
70 | ## Definitions
71 |
72 | ---
73 |
74 | PLACEHOLDER: The terms will be left blank for the student to fill in.
75 |
76 | PLACEHOLDER:
77 |
78 | PLACEHOLDER:
79 |
80 | PLACEHOLDER:
81 |
82 | PLACEHOLDER:
83 |
84 | ## Digging Deeper
85 |
86 | ---
87 |
88 | 1. PLACEHOLDER - Questions will be in ordered lists.
89 | - Related sub-questions will be in nested unordered lists.
90 |
91 | ## Reflection Questions
92 |
93 | ---
94 |
95 |
96 |
97 | 1. What questions do you still have about this week?
98 |
99 | 2. PLACEHOLDER: Second question from the worksheet.
100 |
--------------------------------------------------------------------------------
/src/u10ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Unit 10 Worksheet - Recap and Final Project
8 |
9 |
10 |
11 | ## Instructions
12 |
13 | ---
14 |
15 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
16 | the end to turn them in as a final submission packet.
17 |
18 | ### Resources / Important Links
19 |
20 | #### Downloads
21 |
22 | The worksheet has been provided below. The document(s) can be transposed to
23 | the desired format so long as the content is preserved. For example, the `.txt`
24 | could be transposed to a `.md` file.
25 |
26 | - 📥 u10_worksheet(`.txt`)
27 | - 📥 u10_worksheet(`.pdf`)
28 |
29 | ### Unit 10 Recording
30 |
31 |
40 |
41 | #### Discussion Post #1
42 |
43 | Capture all the terms and concepts that we talk about in this week’s recording.
44 |
45 | 1. How many new topics or concepts do you have to go read about now?
46 | 2. What was completely new to you?
47 | 3. What is something you heard before, but need to spend more time with?
48 |
49 | #### Discussion Post #2
50 |
51 | 1. Think about how the course objectives apply to the things you’ve worked on.
52 | - How would you answer if I asked you for a quick rundown of how you would
53 | secure a Linux system?
54 | - How would you answer if I asked you why you are a good fit as a security
55 | engineer in my company?
56 | - Think about what security concepts you think bear the most weight as you
57 | put these course objectives onto your resume.
58 | 1. Which would you include?
59 | 2. Which don’t you feel comfortable including?
60 |
61 | ---
62 |
63 |
64 |
65 | Submit your input by following the link below.
66 |
67 | The discussion posts are done in Discord Forums.
68 |
69 |
70 |
71 | - [Link to Discussion Forum](https://discord.com/channels/611027490848374811/1365776270800977962)
72 |
73 | ## Definitions
74 |
75 | ---
76 |
77 | - Capture terms and definitions from this week's lesson or recording
78 |
79 | ## Digging Deeper
80 |
81 | ---
82 |
83 | 1. Review more of the SRE books from Google: to try to find
84 | more useful change management practices and policies.
85 |
--------------------------------------------------------------------------------
/src/u8intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 8 - Configuration Drift and Remediation
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Configuration drift is the silent enemy of consistent, secure infrastructure.
11 | When systems slowly deviate from their intended state, whether that be through manual
12 | changes, failed updates, or misconfigured automation, security risks increase and
13 | reliability suffers.
14 |
15 | In this unit, we focus on identifying, preventing, and correcting configuration drift.
16 | Students will explore concepts like Infrastructure as Code (IaC), immutable
17 | infrastructure, and centralized configuration management.
18 | We will also look at how drift can be detected through tools like AIDE and remediated
19 | through automation platforms like Ansible.
20 |
21 | Students will not only understand why drift happens, but also learn how to build
22 | resilient systems that can identify and self-correct unauthorized changes.
23 |
24 | ## Learning Objectives
25 |
26 | 1. Define configuration drift and understand its impact on security and operations.
27 | 2. Explore change management frameworks, including CMDBs and baselines.
28 | 3. Implement detection tools like AIDE to monitor file system integrity.
29 | 4. Use Ansible to remediate drift and enforce configuration state.
30 | 5. Connect drift management to compliance, auditability, and incident response.
31 |
32 | ## Relevance & Context
33 |
34 | Configuration drift undermines both security and operational goals.
35 | Whether through silent config changes or forgotten test artifacts, drift introduces
36 | uncertainty and risk.
37 | In enterprise environments, undocumented changes can void audits, invalidate incident
38 | investigations, or introduce vulnerabilities unnoticed.
39 |
40 | Security engineers must treat configuration as code and enforce strong change control
41 | policies. By learning to detect, document, and automatically remediate drift,
42 | students will be equipped to reduce their organization's attack surface and ensure
43 | long-term consistency.
44 |
45 | This unit ties together principles of monitoring, logging, and automation into a
46 | unified practice: configuration control.
47 |
48 | ## Prerequisites
49 |
50 | To succeed in this unit, students should be comfortable with:
51 |
52 | 1. Basic command line navigation and editing skills (`vi`, `cat`, `grep`)
53 | 2. Experience using Ansible or YAML-based automation (basic playbook structure)
54 | 3. Familiarity with STIGs and the use of the STIG Viewer
55 |
56 | ## Key terms and Definitions
57 |
58 | Configuration Drift
59 |
60 | System Lifecycle
61 |
62 | Change Management
63 | - CMDB (Configuration Management Database)
64 | - CI (Configuration Item)
65 | - Baseline
66 |
67 | Build Book / Run Book
68 |
69 | Immutable Infrastructure
70 |
71 | Hashing
72 | - `md5sum`, `sha256sum`, etc.
73 |
74 | IaC (Infrastructure as Code)
75 |
76 | Orchestration
77 |
78 | Automation
79 |
80 | AIDE (Advanced Intrusion Detection Environment)
81 |
82 |
--------------------------------------------------------------------------------
/src/u4lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 4 Lab - Bastions
5 |
6 |
7 |
8 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
9 | > the machine from the command line so that other students will have the intended environment.
10 |
11 | ### Required Materials
12 |
13 | Putty or other connection tool Lab Server
14 |
15 | Root or sudo command access
16 |
17 | STIG Viewer 2.18 (download from )
18 |
19 | #### Downloads
20 |
21 | The lab has been provided below. The document(s) can be transposed to
22 | the desired format so long as the content is preserved. For example, the `.txt`
23 | could be transposed to a `.md` file.
24 |
25 |
26 | - 📥 u4_lab(`.pdf`)
27 |
28 |
29 | ## PreLAB
30 |
31 | Review lab diagram for the Bastion design.
32 |
33 |
34 |
35 | ## LAB
36 |
37 | This lab is designed to have the engineer practice securing a Linux environment by the use of bastion
38 | hosts and jailing users as they enter an air-gapped environment.
39 |
40 | ### Jailing a User
41 |
42 | 1. Follow the lab here answering the questions below as you progress:
43 |
44 |
45 | 2. If you were to write out the high level steps of building a chroot jail, what would they be?
46 |
47 | 3. Think about what you did in the lab and what extra (or less) you might give a user/process.
48 | - What directories are needed?
49 | - What executables might you give the jailed user/process?
50 | - If you give an executable, why is it important to give the link libraries that it uses?
51 | - What are the special files that you made with mknod and why must they be there?
52 | (try removing them or redoing the lab without them. How does it break?)
53 |
54 | ### Building a Bastion
55 |
56 | 1. Follow the lab here:
57 |
58 | 2. If you were to write out the high level steps of building a bastion host, what would they be?
59 |
60 | 3. When you jump into the bastion host, do you have any options other than the one you have given yourself?
61 |
62 | 4. How did you test that you couldn't leave the jailed environment?
63 | - How effective do you think this is as a technical preventative control against user
64 | breakout in the jail, having a 20 second timeout?
65 |
66 | ## Digging Deeper challenge (not required for finishing lab)
67 |
68 | 1. Fix the drawing from the lab with excalidraw and properly replace it here:
69 |
70 |
71 | 2. Do a pull request and get some github street cred or something.
72 |
73 | > Be sure to `reboot` the lab machine from the command line when you are done.
74 |
--------------------------------------------------------------------------------
/src/assets/deploy/ansible-playbook.yml:
--------------------------------------------------------------------------------
---
- name: Deploy local ProLUG mdBook dev page machine/container
  hosts: # change targeted host/hosts here
  become: true
  gather_facts: true

  tasks:
    - name: Build ProLUG website for DNF Systems
      when: ansible_pkg_mgr == "dnf"
      block:
        - name: Install and initialize dependencies
          ansible.builtin.package:
            update_cache: true
            name:
              - httpd
              - git
              - gcc
              - rust
              - cargo
            state: present

        - name: Initialize httpd
          ansible.builtin.service:
            name: httpd
            state: started
            enabled: true

        - name: DNF - Installing mdbook
          community.general.cargo:
            name: mdbook
            locked: true
            state: present

    - name: Build ProLUG website for APT systems
      when: ansible_pkg_mgr == "apt"
      block:
        - name: Install dependencies apt
          ansible.builtin.package:
            update_cache: true
            name:
              - apache2
              - git
              - gcc
              - rustc-1.80
              - cargo-1.80
            state: present

        - name: Initialize apache2
          ansible.builtin.service:
            name: apache2
            state: started
            enabled: true

        - name: APT - Installing mdbook
          ansible.builtin.command:
            argv:
              - /usr/bin/cargo-1.80
              - install
              - --locked
              - mdbook@0.4.48

    # Read-only probe: a missing or empty /root/psc/ yields empty stdout, which
    # triggers the clone below. Never report this probe itself as a change.
    - name: Verifying presence of ProLUG repo
      ansible.builtin.command: ls /root/psc/
      register: contents_git
      ignore_errors: true
      changed_when: false

    - name: Cloning down ProLUG repo
      ansible.builtin.git:
        repo: "https://github.com/ProfessionalLinuxUsersGroup/psc"
        dest: /root/psc/
        clone: true
      when: contents_git.stdout == ""

    - name: DNF - Building mdbook
      ansible.builtin.command:
        chdir: /root/psc
        argv:
          - /root/.cargo/bin/mdbook
          - build
          - --dest-dir
          - /var/www/html
      when: ansible_pkg_mgr == "dnf"
      notify: Restart httpd

    - name: APT - Building mdbook
      ansible.builtin.command:
        chdir: /root/psc
        argv:
          - /root/.cargo/bin/mdbook
          - build
          - --dest-dir
          - /var/www/html
      when: ansible_pkg_mgr == "apt"
      notify: Restart apache2

  handlers:
    - name: Restart httpd
      ansible.builtin.service:
        name: httpd
        state: restarted
    - name: Restart apache2
      ansible.builtin.service:
        name: apache2
        state: restarted

--------------------------------------------------------------------------------
/src/u1intro.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 1 - Build Standards and Compliance
5 |
6 |
7 |
8 | ## Overview
9 |
10 | Building standards and compliance in cybersecurity engineering ensures that
11 | systems adhere to industry best practices, regulatory requirements, and
12 | security frameworks, reducing risks and vulnerabilities.
13 |
14 | By implementing structured guidelines through tools and frameworks like STIGs
15 | (Security Technical Implementation Guides) and the NIST CS (National Institute
16 | of Standards and Technology Cyber Security) framework, organizations can maintain
17 | resilience against evolving threats while ensuring accountability and regulatory alignment.
18 |
19 | This chapter will present critical knowledge in implementing security controls in
20 | information systems.
21 |
22 | ## Learning Objectives
23 |
24 | By the end of Unit 1 students will have foundational knowledge and skills of
25 | the concepts below:
26 |
27 | 1. Security Frameworks such as STIGs, CIS Controls, NIST Cybersecurity Framework
28 | 2. Regulatory Compliance and Industry Standards when administering and building systems
29 | 3. Skills and concepts in interacting with STIG remediation processes
30 | 4. Understanding Risk Management and concepts surrounding risk vectors to organizations
31 | 5. STIG Remediation and documentation skills
32 |
33 | ## Relevance & Context
34 |
35 | As the shepherds of sensitive data and systems, it is the ethical and legal duty of individuals
36 | that administer and build these systems to protect them from malicious actors with no regard for
37 | propriety. To be successful in securing systems students will need to thoroughly understand the
38 | cybersecurity landscape, its myriad potential threats, and the tools engineers and administrators
39 | have at their disposal.
40 |
41 | The concepts presented in this unit play a pivotal role in organizing and structuring a resilient security
42 | posture against threats to enterprise and organizational entities. They provide processes and procedures
43 | that engineers and administrators can implement to significantly reduce the attack surface of the systems
44 | they administer along with building a system of logging and documentation in the eventuality of a security
45 | incident.
46 |
47 | By thoroughly understanding these concepts students will be armed with a set of tools in the eternal and
48 | ever evolving landscape of cybersecurity.
49 |
50 | ## Prerequisites
51 |
52 | Students should have a strong understanding of such skills as presented
53 | in the Linux Administration Course including:
54 |
55 | 1. The Command Line Interface and BASH shell skills
56 | 2. Installing and Updating Linux System Packages
57 | 3. Interacting with command line tools such as: `systemctl`, `mount`, `grep`, and `ss`
58 | 4. Ability to interact with basic SQL queries using MariaDB
59 | 5. Students will need to download the latest STIG viewer, v2.18
60 |
61 | ## Key terms and Definitions
62 |
63 | - CIA Triad
64 | - Regulatory Compliance
65 | - HIPAA
66 | - Industry Standards
67 | - PCI/DSS
68 | - Security Frameworks
69 | - CIS
70 | - STIG
71 |
--------------------------------------------------------------------------------
/src/assets/downloads/u7/u7_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 |
3 | Unit 7 Worksheet
4 |
5 | Instructions
6 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
7 | the end to turn them in as a final submission packet.
8 |
9 | Discussion Questions:
10 |
11 | Unit 7 Discussion Post 1:
12 | Read about telemetry, logs, and traces. There are many good
13 | sources, even from Microsoft: https://microsoft.github.io/code-with-engineering-playbook/observability/log-vs-metric-vs-trace/
14 | a. How does the usage guidance of that blog (at bottom) align with your
15 | understanding of these three items?
16 | b. What other useful blogs or AI write-ups were you able to find?
17 | c. What is the usefulness of this in securing your system?
18 |
19 | Unit 7 Discussion Post 2:
20 | When we think of our systems, sometimes an airgapped system
21 | is simple to think about because everything is closed in. The idea of alerting or reporting is
22 | the opposite. We are trying to get the correct, timely, and important information out of the
23 | system when and where it is needed.
24 |
25 | Read the summary at the top of:
26 | https://docs.google.com/document/d/199PqyG3UsyXlwieHaqbGiWVa8eMWi8zzAn0YfcApr8Q/edit?tab=t.0
27 |
28 | a. What is the litmus test for a page? (Sending something out of the system?)
29 | b. What is over-monitoring v. under-monitoring? Do you agree with the
30 | assessment of the paper? Why or why not, in your experience?
31 | c. What is cause-based v. symptom-based and where do they belong? Do you agree?
32 |
33 |
34 | Definitions/Terminology
35 | - Telemetry
36 | - Tracing
37 | - Span
38 | - Label
39 | - Time Series Database (TSDB)
40 | - Queue
41 | - Upper control limit / Lower control limit (UCL/LCL)
42 | - Aggregation
43 | - SLO, SLA, SLI
44 | - Push v. Pull of data
45 | - Alerting rules
46 | - Alertmanager
47 | - Alert template
48 | - Routing
49 | - Throttling
50 | - Monitoring for defensive operations
51 | - SIEM
52 | - Intrusion Detection Systems - IDS
53 | - Intrusion Prevention Systems - IPS
54 |
55 |
56 | Notes During Lecture/Class:
57 |
58 | Links:
59 | - https://promlabs.com/promql-cheat-sheet/
60 | - https://www.sans.org/information-security-policy/
61 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
62 |
63 | Terms:
64 |
65 | Useful tools:
66 | - STIG Viewer 2.18
67 | - SCC Tool (version varies by type of scan)
68 | - OpenScap
69 |
70 |
71 | Lab and Assignment
72 | Unit7_Monitoring_and_Alerting - To be completed outside of lecture time.
73 |
74 |
75 | Digging Deeper
76 |
77 | 1. Look into Wazuh:
78 | Security Information and Event Management (SIEM). Real Time Monitoring | Wazuh: https://wazuh.com/platform/siem/
79 |
80 | a. What are their major capabilities and features? (what they advertise)
81 | b. What are they doing with logs that increases visibility and usefulness in the security space?
82 | Log data analysis - Use cases · Wazuh documentation: https://documentation.wazuh.com/current/getting-started/use-cases/log-analysis.html
83 |
84 | Reflection Questions
85 | 1. What do I mean when I say that security is an art and not an engineering practice?
86 | 2. What questions do you still have about this week?
87 | 3. How are you going to use what you've learned in your current role?
88 |
--------------------------------------------------------------------------------
/src/u9ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 9 Worksheet - Certificate and Key Madness
5 |
6 |
7 |
8 | ## Instructions
9 |
10 | ---
11 |
12 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
13 | the end to turn them in as a final submission packet.
14 |
15 | ### Resources / Important Links
16 |
17 | -
18 | -
19 | -
20 | -
21 | -
22 | -
23 |
24 |
25 | #### Downloads
26 |
27 | The worksheet has been provided below. The document(s) can be transposed to
28 | the desired format so long as the content is preserved. For example, the `.txt`
29 | could be transposed to a `.md` file.
30 |
31 | - 📥 u9_worksheet(`.txt`)
32 | - 📥 u9_worksheet(`.pdf`)
33 |
34 | ### Unit 9 Recording
35 |
36 | - Coming Soon
37 |
38 | #### Discussion Post #1
39 |
40 | Read the Security Services section, pages 22-23 of
41 | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf and
42 | answer the following questions.
43 |
44 | 1. How do these topics align with what you already know about system security?
45 |
46 | 2. Were any of the terms or concepts new to you?
47 |
48 |
49 |
50 | Submit your input by following the link below.
51 |
52 | The discussion posts are done in Discord Forums.
53 |
54 |
55 |
56 | - [Link to Discussion Forum](https://discord.com/channels/611027490848374811/1377483939706310736)
57 |
58 | #### Discussion Post #2
59 |
60 | Review the TLS Overview section, pages 4-7 of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf and answer the following questions.
61 |
62 | 1. What are the three subprotocols of TLS?
63 |
64 | 2. How does TLS apply
65 |
66 | - Confidentiality
67 | - Integrity
68 | - Authentication
69 | - Anti-replay
70 |
71 |
72 |
73 | Submit your input by following the link below.
74 |
75 | The discussion posts are done in Discord Forums.
76 |
77 |
78 |
79 | - [Link to Discussion Forum](https://discord.com/channels/611027490848374811/1377484046757662801)
80 |
81 | ## Definitions
82 |
83 | ---
84 |
85 | - TLS
86 | - Symmetric Keys
87 | - Asymmetric Keys
88 | - Non-Repudiation
89 | - Anti-Replay
90 | - Plaintext
91 | - Cyphertext
92 | - Fingerprints
93 | - Passphrase (in key generation)
94 |
95 | ## Digging Deeper
96 |
97 | ---
98 |
99 | 1. Finish reading about TLS in the publication and think about where you might apply it.
100 |
101 | ## Reflection Questions
102 |
103 | ---
104 |
105 | 1. What were newer topics to you, or alternatively what was a new application of
106 | something you already had heard about?
107 |
108 | 2. What questions do you still have about this week?
109 |
110 | 3. How are you going to use what you've learned in your current role?
111 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## 🚧 Currently Under Development 🚧
2 |
3 | # The Professional Linux Users Group (ProLUG) Systems Security Course Book
4 |
5 | Current deployment:
6 |
7 | ## Goals
8 |
9 | The overarching goal of this project is to provide a free, open source Systems Administration course
10 | predicated on the work produced by Scott Champine, an experienced and skilled Senior Systems Engineer.
11 |
12 | Scott has over 20 years administering and engineering Linux systems across a broad variety of
13 | fields and teams. He has built and maintains systems like High Performance Compute (HPC) clusters
14 | for [NOAA (The National Oceanic and Atmospheric Administration)](https://www.noaa.gov/) and more.
15 |
16 | ProLUG looks forward to working with contributors who want to give back to the community and produce
17 | skilled Systems Administrators and Systems enthusiasts.
18 |
19 | ## Objectives
20 |
21 | Contributors will be tasked with developing templated course material provided by Scott Champine.
22 | Outlined below are a set of objectives this repository attempts to provide.
23 |
24 | - Provide a centralized set of worksheets and labs for prospective learners to begin understanding Systems Security.
25 | - Deliver templated versions of course work per unit along with supplementary material and video.
26 | - Provide learners with foundational knowledge in computer systems to include:
27 | - Security Frameworks:
28 | - CIS (Center for Internet Security) Benchmarks
29 | - STIG (Security Technical Implementation Guides) Tools
30 | - PCI/DSS (Payment Card Industry Data Security Standard) Compliance
31 | - Basic to Advanced System Security:
32 | - Networks; Ports, Firewalls
33 | - User Access; LDAP, Vaults, Cloud Procedures
34 | - Update and Patch cycles; Pre-Checks, Deploying, Testing
35 | - Bastions and Airgaps
36 | - Change Management
37 | - Configuration drift and remediation
38 | - Monitoring:
39 | - Alert management; Prometheus
40 | - Tools and Techniques; rsyslog, Promtail, Splunk Forwarder
41 | - Certificates and Key Management
42 | - NIST (National Institute of Standards and Technology) Best practices
43 |
44 | ## To Begin Contributing
45 |
46 | ProLUG asks all contributors to understand and adhere to the principles and guidelines detailed
47 | in the [contributing.md](https://github.com/ProfessionalLinuxUsersGroup/psc/blob/main/src/contributing.md) markdown file.
48 | Contributors found significantly deviating from these policies will have their work discarded appropriately.
49 |
50 | Contributors will be provided with supplementary material to begin building out unit worksheet labs
51 | and templates within the project managed issues board.
52 |
53 | To start contributing:
54 |
55 | - Understand the repository objectives
56 | - Read the [contributing.md](https://github.com/ProfessionalLinuxUsersGroup/psc/blob/main/src/contributing.md) markdown
57 | - Look over the [template pages wiki](https://github.com/ProfessionalLinuxUsersGroup/psc/wiki), or directly here:
58 | - Pages: [intro](https://github.com/ProfessionalLinuxUsersGroup/psc/blob/main/ref/intro.md),
59 | [bonus](https://github.com/ProfessionalLinuxUsersGroup/psc/blob/main/ref/ub.md),
60 | [lab](https://github.com/ProfessionalLinuxUsersGroup/psc/blob/main/ref/ulab.md),
61 | [worksheet](https://github.com/ProfessionalLinuxUsersGroup/psc/blob/main/ref/uws.md)
62 | - Request to be assigned a task within the repo [Issues](https://github.com/ProfessionalLinuxUsersGroup/psc/issues) tab
63 | - Fork this repository and create a development branch for eventual pull requests
64 | - Strictly adhere to contemporary GitHub contribution decorum to facilitate the version control process
65 |
--------------------------------------------------------------------------------
/src/assets/downloads/u8/u8_lab.txt:
--------------------------------------------------------------------------------
1 | Unit 8 Lab – Configuration Drift and Remediation
2 |
3 | Required Materials
4 |
5 | Putty or other connection tool
6 | Lab Server
7 | Root or sudo command access
8 |
9 | LAB
10 |
11 | These labs focus on configuration drift tracking and remediation.
12 |
13 | Operational Activities
14 |
15 | 1. Check your stig viewer and go to RHEL 9 stigs.
16 | 2. Set a filter for “change management”.
17 | a. How many STIGs do you see?
18 | 3. Review the wording: what is meant by a robust change management process?
19 | a. Do you think this can be applied in just one STIG? Why or why not?
20 | b. What type of control is being implemented with change management in these STIGs?
21 | i. Is it different across the STIGs or all the same?
22 |
23 | Monitoring configuration drift with Aide
24 |
25 | 1. Go into the sandbox lab: https://killercoda.com/playgrounds/scenario/ubuntu
26 | 2. Install aide and watch the installation happen.
27 | a. apt -y install aide
28 | b. What is being put in the path /etc/aide/aide.conf.d/ ?
29 | i. How many files are in there?
30 | 3. Check your version of aide
31 | a. aide -v
32 | 4. Read the man page (first page).
33 | a. What does aide try to do, and how does it do it?
34 | 5. What is the configuration of cron found in /etc/cron.daily/dailyaidecheck?
35 | a. What does this attempt to do?
36 | b. What checks are there before execution?
37 | c. Read the man for capsh, what is it used for?
38 | 6. Set up aide according to the default configuration
39 | a. time aide -i -c /etc/aide/aide.conf
40 | b. How long did that take?
41 | i. How much time was wall clock v. system/user time?
42 | ii. Why might you want to know this on your systems?
43 | iii. What do you notice about the output?
44 | 1. What do you need to go read about?
45 | (Mine took 5 minutes 8 seconds to run on the lab system)
46 |
47 | 7. Set the database up properly
48 | a. cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
49 | b. update-aide.conf
50 | 8. Test aide by making files in a tracked directory
51 | a. mkdir /root/prolug
52 | b. touch /root/prolug/test1
53 | c. touch /root/prolug/test1
54 | d. time aide -c /etc/aide/aide.conf --check
55 | i. Did you see your new files created?
56 | ii. How long did this take to run?
57 | 1. What type of usage do you see against user/system space?
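
As an added example (not part of the lab and not AIDE's own code), the Python below re-implements the core of what steps 6 through 8 exercise: `aide -i` records a hash plus metadata for every tracked path into a database, the lab copies that database into place, and `aide --check` diffs the live filesystem against it. It runs on a temporary directory, so no aide install is needed; the `/root/prolug` layout and the `.bashrc` contents are constructed sample data.

```python
"""Minimal file-integrity baseline and check, in the spirit of aide -i / aide --check.

Added example: re-implements the idea (sha256 plus metadata per path, stored as a
baseline, later compared) on a temporary directory so it runs without aide.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """Record what an AIDE-style rule would keep for one path: a sha256 of the
    content (regular files only) plus the metadata that signals drift."""
    st = path.lstat()
    digest = ""
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {
        "sha256": digest,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }


def build_baseline(root: Path) -> dict:
    """Equivalent of `aide -i`: walk the tracked tree and fingerprint every entry."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            db[str(p.relative_to(root))] = _fingerprint(p)
    return db


def check(root: Path, baseline: dict) -> dict:
    """Equivalent of `aide --check`: report added, removed and changed entries,
    naming which attributes of a changed entry differ from the baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in set(current) & set(baseline):
        diffs = [k for k in current[rel] if current[rel][k] != baseline[rel][k]]
        if diffs:
            changed[rel] = sorted(diffs)
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Replay the lab on constructed data: init, copy aide.db.new to aide.db,
    create files in a tracked directory, modify an existing file, then check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"            # stands in for /root
        (root / "prolug").mkdir(parents=True)
        (root / ".bashrc").write_text("export PS1='# '\n")
        # `aide -i` writes aide.db.new; the lab's cp makes it the live aide.db.
        db_new = json.dumps(build_baseline(root))
        db = json.loads(db_new)
        # Drift: two new files (like the lab's touch) plus a same-size edit,
        # which only the hash catches, not the size field.
        (root / "prolug" / "test1").touch()
        (root / "prolug" / "test2").touch()
        (root / ".bashrc").write_text("export PS1='$ '\n")
        return check(root, db)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same-size edit to `.bashrc` is why AIDE rules include a hash and not just size and mtime: size alone reports nothing.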
58 |
59 | Using Ansible to fix drift
60 |
61 | 1. Complete the lab here: https://killercoda.com/het-tanis/course/Ansible-Labs/16-Ansible-Web-Server-Env-Deploy
63 | 2. When you finish ensure that you see broken output for 8081, as required.
64 | a. curl node01:8080
65 | 3. One of the dev teams figured out they could modify the test and qa environments because a
66 | previous engineer left them in the sudoers file. You can address that separately with the security
67 | team, but for now you need to get those environments back to working. Run your original
68 | deployment command to see if it sets the environment back properly.
69 | a. ansible-playbook -i /root/hosts /root/web_environment.yaml
70 | b. Did this force the system back into a working configuration?
71 | i. If it worked, would it always work, or could the system still need manual intervention?
72 | ii. What is your test? (hint: curl 8080, 8081 and 8082 as in the previous commands)
73 | c. Could this cause potential problems in the environment?
74 | i. If so, is that problem based on technology or operational practices? Why?
75 |
76 | Digging Deeper challenge (not required for finishing lab)
77 |
78 | 1. Complete this lab: https://killercoda.com/het-tanis/course/Ansible-Labs/19-Ansible-csv-report
79 | a. Can you think about how you’d use this to verify that a system was stamped according to your build process?
80 | i. You may have to tie it in with something like this lab and add some variables to your custom facts files, maybe the date of deployment:
81 | https://killercoda.com/het-tanis/course/Ansible-Labs/12-Ansible-System-Facts-Grouping
--------------------------------------------------------------------------------
/src/u1ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Unit 1 Worksheet - Build Standards and Compliance
8 |
9 |
10 |
11 | ## Instructions
12 |
13 | ---
14 |
15 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
16 | the end to turn them in as a final submission packet.
17 |
18 | ### Resources / Important Links
19 |
20 | -
21 | -
22 | -
23 | -
24 | -
25 |
26 | #### Downloads
27 |
28 | The worksheet has been provided below. The document(s) can be transposed to
29 | the desired format so long as the content is preserved. For example, the `.txt`
30 | could be transposed to a `.md` file.
31 |
32 | - 📥 u1_worksheet(`.txt`)
33 | - 📥 u1_worksheet(`.docx`)
34 |
35 | ### Unit 1 Recording
36 |
37 |
47 |
48 | #### Discussion Post #1
49 |
50 | The first question of this course is, "What is Security?"
51 |
52 | 1. Describe the CIA Triad.
53 | 2. What is the relationship between Authority, Will, and Force as they relate to security?
54 | 3. What are the types of controls and how do they relate to the above question?
55 |
56 | #### Discussion Post #2
57 |
58 | Find a STIG or compliance requirement that you do not agree is necessary for a server or service build.
59 |
60 | 1. What is the STIG or compliance requirement trying to do?
61 | 2. What category and type of control is it?
62 | 3. Defend why you think it is not necessary. (What type of defenses do you think you could present?)
63 |
64 |
65 |
66 | Submit your input by following the link below.
67 |
68 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
69 |
70 |
71 |
72 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1098309490681598072)
73 |
74 | ## Definitions
75 |
76 | ---
77 |
78 | CIA Triad:
79 |
80 | Regulatory Compliance:
81 |
82 | HIPAA:
83 |
84 | Industry Standards:
85 |
86 | PCI/DSS:
87 |
88 | Security Frameworks:
89 |
90 | CIS:
91 |
92 | STIG:
93 |
94 | ## Digging Deeper
95 |
96 | ---
97 |
98 | 1. Research a risk management framework.
99 |
100 | - What are the areas of concern for risk management?
101 |
102 | 2. Research the difference between quantitative and qualitative risks.
103 |
104 | - Why might you use one or the other?
105 |
106 | 3. Research ALE, SLE, and ARO.
107 | - What are these terms in relation to?
108 | - How do these help in the risk discussion?
109 |
110 | ## Reflection Questions
111 |
112 | ---
113 |
114 | 1. What questions do you still have about this week?
115 |
116 | 2. How are you going to use what you've learned in your current role?
117 |
--------------------------------------------------------------------------------
/src/assets/downloads/u6/u6_worksheet.txt:
--------------------------------------------------------------------------------
1 | ProLUG Security Engineering
2 | Unit 6 Worksheet
3 |
4 | Instructions
5 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
6 | the end to turn them in as a final submission packet.
7 |
8 | Discussion Questions:
9 |
10 | Unit 6 Discussion Post 1: Review chapter 15 of the SRE book:
11 | https://google.github.io/building-secure-and-reliable-systems/raw/ch15.html#collect_appropriate_and_useful_logs.
12 | There are 14 references at the end of the chapter. Follow them for more information. One of them:
13 | https://jvns.ca/blog/2019/06/23/a-few-debugging-resources/ should be reviewed for
14 | question "c".
15 | a. What are some concepts that are new to you?
16 | b. There are 5 conclusions drawn, do you agree with them? Would you add or
17 | remove anything from the list?
18 | c. In Julia Evans's debugging blog, which shows that debugging is just another
19 | form of troubleshooting, what useful things do you learn about the
20 | relationship between these topics? Are there any techniques you already do
21 | that this helps solidify for you?
22 |
23 | Unit 6 Discussion Post 2: Read https://sre.google/sre-book/monitoring-distributed-systems/
24 |
25 | a. What interesting or new things do you learn in this reading? What may you
26 | want to know more about?
27 | b. What are the "4 golden signals"?
28 | c. After reading these, why is immutability so important to logging? What do you
29 | think the other required items are for logging to be effective?
30 |
31 | Definitions/Terminology
32 |
33 | Types of logs
34 | - Host
35 | - Application
36 | - Network
37 | - DB
38 |
39 | Immutable
40 |
41 | Structure of Logs
42 | - RFC 3164 BSD Syslog
43 | - RFC 5424 IETF Syslog
44 | - Systemd Journal
45 |
46 | Log rotation
47 |
48 | Rsyslog
49 |
50 | Log aggregation
51 | - ELK
52 | - Splunk
53 | - Graylog
54 | - Loki
55 | SIEM
56 |
57 | Notes During Lecture/Class:
58 |
59 |
60 |
61 | Links:
62 | - https://grafana.com/docs/loki/latest/query/analyzer/
63 | - https://www.sans.org/information-security-policy/
64 | - https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
65 | - https://public.cyber.mil/stigs/downloads/
66 |
67 | Terms:
68 |
69 | Useful tools:
70 | - STIG Viewer 2.18
71 | - SCC Tool (version varies by type of scan)
72 | - OpenScap
73 |
74 | Lab and Assignment
75 | Unit6_Logs_and_Parsing - To be completed outside of lecture time.
76 |
77 | Digging Deeper
78 |
79 | 1. Find a cloud service and see what their logging best practices are for security
80 | incident response. Here is AWS: https://aws.amazon.com/blogs/security/logging-strategies-for-security-incident-response/
82 | a. What are the high level concepts mentioned?
83 | b. What are the tools available and what actions do they take?
84 | c. What are the manual and automated query capabilities provided, and how
85 | do they help you rapidly get to a correct assessment of the logged events?
86 |
87 | 2. Open up that STIG Viewer and filter by "logging" for any of the previous STIGs we've
88 | worked on. (Mariadb has some really good ones.)
89 |
90 | a. What seems to be a common theme?
91 |
92 | b. What types of activities MUST be logged in various applications and
93 | operating systems?
94 | i. Does it make sense why all logins are tracked?
95 | ii. Does it make sense why all admin actions, even just attempted admin
96 | actions, are logged?
97 |
98 | Reflection Questions
99 |
100 | 1. What architectures have you used in your career?
101 | a. If you haven't yet worked with any of these, what do you think you would
102 | architect in the ProLUG lab (~60 virtual machines, 4 physical machines, 1
103 | NFS share, and 2 Windows laptops?)
104 |
105 | 2. What questions do you still have about this week?
106 |
107 | 3. How are you going to use what you've learned in your current role?
108 |
109 |
110 |
111 |
--------------------------------------------------------------------------------
/src/u2ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 2 Worksheet - Securing the Network Connection
5 |
6 |
7 |
8 | ## Instructions
9 |
10 | ---
11 |
12 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
13 | the end to turn them in as a final submission packet.
14 |
15 | ### Resources / Important Links
16 |
17 | -
18 | -
19 | -
20 | -
21 | -
22 |
23 | #### Downloads
24 |
25 | The worksheet has been provided below. The document(s) can be transposed to
26 | the desired format so long as the content is preserved. For example, the `.txt`
27 | could be transposed to a `.md` file.
28 |
29 | - 📥 u2_worksheet(`.txt`)
30 | - 📥 u2_worksheet(`.docx`)
31 |
32 | ### Unit 2 Recording
33 |
34 |
35 |
36 |
46 |
47 | #### Discussion Post #1
48 |
49 | There are 401 STIGs for RHEL 9. If you filter in your STIG viewer for
50 | `sysctl` there are 33 (mostly network focused), ssh - 39, and network - 58. Now there are
51 | some overlaps between those, but review them and answer these questions
52 |
53 | 1. As systems engineers why are we focused on protecting the network portion of our
54 | server builds?
55 | 2. Why is it important to understand all the possible ingress points to our servers that
56 | exist?
57 | - Why is it so important to understand the behaviors of processes that are
58 | connecting on those ingress points?
59 |
60 | #### Discussion Post #2
61 |
62 | Read this:
63 | or similar blogs on DNS and host file configurations.
64 |
65 | 1. What is the significance of the nsswitch.conf file?
66 |
67 | 2. What are security problems associated with DNS and common exploits? (May have
68 | to look into some more blogs or posts for this)
69 |
70 |
71 | Submit your input by following the link below.
72 |
73 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
74 |
75 |
76 |
77 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1098309490681598072)
78 |
79 | ## Definitions
80 |
81 | ---
82 |
83 | sysctl:
84 |
85 | nsswitch.conf:
86 |
87 | DNS:
88 |
89 | Openscap:
90 |
91 | CIS Benchmarks:
92 |
93 | ss/netstat:
94 |
95 | tcpdump:
96 |
97 | ngrep:
98 |
99 | ## Digging Deeper
100 |
101 | ---
102 |
103 | 1. See if you can find any DNS exploits that have been used and written up in the
104 | diamond model of intrusion analysis format. If you can, what are the primary actors
105 | and actions that made up the attack?
106 |
107 | ## Reflection Questions
108 |
109 | ---
110 |
111 | 1. What questions do you still have about this week?
112 |
113 | 2. How are you going to use what you've learned in your current role?
114 |
--------------------------------------------------------------------------------
/src/u8ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Unit 8 Worksheet - Configuration Drift and Remediation
8 |
9 |
10 |
11 | ## Instructions
12 |
13 | ---
14 |
15 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
16 | the end to turn them in as a final submission packet.
17 |
18 | ### Resources / Important Links
19 |
20 | -
21 | -
22 | -
23 | -
24 |
25 | #### Downloads
26 |
27 | The worksheet has been provided below. The document(s) can be transposed to
28 | the desired format so long as the content is preserved. For example, the `.txt`
29 | could be transposed to a `.md` file.
30 |
31 | - 📥 u8_worksheet(`.txt`)
32 | - 📥 u8_worksheet(`.pdf`)
33 |
34 | ### Unit 8 Recording
35 |
36 |
45 |
46 | #### Discussion Post #1
47 |
48 | Read about configuration management here:
49 |
50 |
51 | - What overlap of terms and concepts do you see from this week’s meeting?
52 |
53 | - What are some of the standards and guidelines organizations involved with
54 | configuration management?
55 |
56 | - Do you recognize them from other IT activities?
57 |
58 | #### Discussion Post #2
59 |
60 | Review the SRE guide to treating configurations as code.
61 | Read as much as you like, but focus down on the “Practical Advice” section:
62 |
63 |
64 | - What are the best practices that you can use in your configuration management adherence?
65 |
66 | - What are the security threats and how can you mitigate them?
67 |
68 | - Why might it be good to know this as you design a CMDB or CI/CD pipeline?
69 |
70 | ---
71 |
72 |
73 |
74 | Submit your input by following the link below.
75 |
76 | The discussion posts are done in Discord Forums.
77 |
78 |
79 |
80 | - [Link to Discussion Forum](https://discord.com/channels/611027490848374811/1365776270800977962)
81 |
82 | ## Definitions
83 |
84 | ---
85 |
86 | System Lifecycle
87 |
88 | Configuration Drift
89 |
90 | Change management activities
91 |
92 | - CMDB
93 | - CI
94 | - Baseline
95 |
96 | Build book
97 |
98 | Run book
99 |
100 | Hashing
101 |
102 | - `md5sum`
103 | - `shasum`
104 |
105 | IaC
106 |
107 | Orchestration
108 |
109 | Automation
110 |
111 | AIDE
112 |
113 | ## Digging Deeper
114 |
115 | ---
116 |
117 | 1. Review more of the SRE books from Google: to try to find
118 | more useful change management practices and policies.
119 |
120 | ## Reflection Questions
121 |
122 | ---
123 |
124 | 1. How does the idea of control play into configuration management? Why is it so important?
125 |
126 | 2. What questions do you still have about this week?
127 |
128 | 3. How are you going to use what you’ve learned in your current role?
129 |
--------------------------------------------------------------------------------
/scripts/create-issues:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Make sure you're authenticated via 'gh auth login', with a PAT with correct access.
3 | # Run from inside the `scripts` directory.
4 |
5 | declare UNIT
6 | declare TYPE
7 | declare FILE
8 | declare EMOJI
9 | declare PROJECT
10 | declare TEMPL_PATH
11 |
12 | declare -a ALL_TYPES=('intro' 'worksheet' 'lab' 'bonus')
13 |
14 | _set_type_vars() {
15 | # Pass in $TYPE
16 | case $1 in
17 | ws|worksheet)
18 | TYPE='worksheet'
19 | FILE="u${UNIT}ws.md"
20 | EMOJI="📄"
21 | LABEL="Worksheet ${EMOJI}"
22 | ;;
23 | l|lab)
24 | TYPE='lab'
25 | FILE="u${UNIT}lab.md"
26 | EMOJI="🧪"
27 | LABEL="Lab ${EMOJI}"
28 | ;;
29 | i|intro)
30 | TYPE='intro'
31 | FILE="u${UNIT}intro.md"
32 | EMOJI="👋"
33 | LABEL="Intro"
34 | ;;
35 | b|bonus)
36 | TYPE='bonus'
37 | FILE="u${UNIT}b.md"
38 | EMOJI="🍒"
39 | LABEL="Bonus ${EMOJI}"
40 | ;;
41 | esac
42 | }
43 |
44 |
45 | while [[ -n $1 ]]; do
46 | case $1 in
47 | -u|--unit)
48 | [[ -n $2 ]] && UNIT=$2 && shift || printf "Bad argument to -u/--unit.\n"
49 | shift;
50 | ;;
51 | -t|--type)
52 | [[ -n $2 ]] && TYPE=$2 && shift || printf "No argument to -t/--type.\n"
53 | shift;
54 | ;;
55 | -a|--all)
56 | TYPE="all"
57 | shift;
58 | ;;
59 | -h|--help)
60 | cat <<- EOF
61 | NAME: create-issues
62 | USAGE:
63 | create-issues [-t|--type TYPE] [-u|--unit UNIT_NUMBER] [-a|--all]
64 |
65 | OPTIONS:
66 | -u | --unit UNIT_NUMBER Specify the unit number for the issue
67 | -t | --type TYPE Specify the type of document for the issue
68 | This can be one of 'worksheet', 'lab', 'intro', 'bonus'. Set to 'all' to create an issue of each type.
69 | -a | --all Shorthand for '--type all'
70 |
71 | SYNOPSIS:
72 | Creates an issue for the upstream repo. The 'gh' tool must be configured beforehand.
73 | EOF
74 | shift;
75 | exit 0
76 | ;;
77 | esac
78 | done
79 |
80 | [[ -z $UNIT ]] && read -r -p "Enter unit number: " UNIT;
81 | [[ -z $TYPE ]] && read -r -p "Enter type (ws/lab/intro/bonus/all): " TYPE;
82 | [[ -z $TYPE || -z $UNIT ]] && printf "Missing Type or Unit!\n" && exit 1
83 | [[ "${PWD##*/}" == scripts ]] &&
84 | TEMPL_PATH="../.github/ISSUE_TEMPLATE" ||
85 | TEMPL_PATH=".github/ISSUE_TEMPLATE"
86 |
87 | case $PWD in
88 | *lac*)
89 | PROJECT='lac'
90 | ;;
91 | *psc*)
92 | PROJECT='pscpm'
93 | ;;
94 | esac
95 |
96 |
97 | if [[ "${TYPE,,}" == "all" ]]; then
98 | for t in "${ALL_TYPES[@]}"; do
99 | _set_type_vars "$t"
100 | gh issue create \
101 | --title "Unit ${UNIT} ${t^} ${EMOJI} (${FILE})" \
102 | --label "${LABEL}" \
103 | --label "Unit #${UNIT}" \
104 | --label "help wanted" \
105 | --label "enhancement" \
106 | --body-file "$TEMPL_PATH/unit-${t,,}-body.md" || {
107 | printf >&2 "Failed to create the issue!\n" && exit 1
108 | }
109 | done
110 | printf "Successfully created all issues for unit %s.\n" "$UNIT"
111 | exit 0
112 | else
113 | _set_type_vars "$TYPE"
114 | gh issue create \
115 | --title "Unit ${UNIT} ${TYPE^} ${EMOJI} (${FILE})" \
116 | --label "${LABEL}" \
117 | --label "Unit #${UNIT}" \
118 | --label "help wanted" \
119 | --label "enhancement" \
120 | --body-file "$TEMPL_PATH/unit-${TYPE,,}-body.md" || {
121 | printf >&2 "Failed to create the issue!\n" && exit 1
122 | }
123 | printf "Successfully created %s issue for unit %s.\n" "$TYPE" "$UNIT"
124 | exit 0
125 | fi
126 |
127 | # --project "$PROJECT" \ # doesn't work
128 |
129 |
--------------------------------------------------------------------------------
/src/u5ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 5 Worksheet - Repos & Patching
5 |
6 |
7 |
8 | ## Instructions
9 |
10 | ---
11 |
12 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
13 | the end to turn them in as a final submission packet.
14 |
15 | ### Resources / Important Links
16 |
17 | -
18 | -
19 | -
20 | -
21 | -
22 | -
23 | -
24 |
25 | #### Downloads
26 |
27 | The worksheet has been provided below. The document(s) can be transposed to
28 | the desired format so long as the content is preserved. For example, the `.txt`
29 | could be transposed to a `.md` file.
30 |
31 | - 📥 u5_worksheet(`.pdf`)
32 | - 📥 u5_worksheet(`.txt`)
33 |
34 | ### Unit 5 Recording
35 |
36 |
37 |
38 |
48 |
49 |
50 |
51 | #### Discussion Post #1
52 |
53 | Review the rocky documentation on Software management in
54 | Linux.
55 |
56 | -
57 |
58 | 1. What do you already understand about the process?
59 | 2. What new things did you learn or pick up?
60 | 3. What are the DNF plugins?
61 | What is the use of the versionlock plugin?
62 | 4. What is an EPEL?
63 | Why do you need to consider this when using one?
64 |
65 | #### Discussion Post #2
66 |
67 | Do a google search for "patching enterprise Linux" and try to
68 | wade through all of the noise.
69 |
70 | 1. What blogs (or AI) do you find that enumerate a list of steps or checklists to
71 | consider?
72 | 2. After looking at that, how does patching a fleet of systems in the enterprise differ
73 | from pushing "update now" on your local desktop?
74 | What seems to be the major considerations?
75 | What seems to be the major roadblocks?
76 |
77 |
78 | Submit your input by following the link below.
79 |
80 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
81 |
82 |
83 |
84 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1365776270800977962)
85 |
86 | ## Definitions
87 |
88 | ---
89 |
90 | Patching
91 |
92 | Repos
93 |
94 | Software
95 |
96 | EPEL
97 |
98 | BaseOS v. Appstream (in RHEL/Rocky)
99 |
100 | Other types you can find?
101 |
102 | - httpd
103 | - patching
104 | - GPG Key
105 | - DNF/YUM
106 |
107 | ## Digging Deeper
108 |
109 | ---
110 |
111 | 1. After completing the lab and worksheet, draw out how you would deploy a software
112 | repository into your system.
113 | How are you going to update it?
114 | What tools do you find that are useful in this space?
115 |
116 | ## Reflection Questions
117 |
118 | ---
119 |
120 | 1. Why is it that repos are controlled by root/admin functions and not any user,
121 | developer, or manager?
122 |
123 | 2. What questions do you still have about this week?
124 |
125 | 3. How are you going to use what you've learned in your current role?
126 |
--------------------------------------------------------------------------------
/src/u1lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 1 Lab - Build Standards and Compliance
5 |
6 |
7 |
8 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
9 | > the machine from the command line so that other students will have the intended environment.
10 |
11 | ### Required Materials
12 |
13 | Putty or other connection tool Lab Server
14 |
15 | Root or sudo command access
16 |
17 | STIG Viewer 2.18 (download from )
18 |
19 | #### Downloads
20 |
21 | The lab has been provided below. The document(s) can be transposed to
22 | the desired format so long as the content is preserved. For example, the `.txt`
23 | could be transposed to a `.md` file.
24 |
25 | - 📥 u1_lab(`.txt`)
26 | - 📥 u1_lab(`.docx`)
27 |
28 | ## Module 1: Exploring System Information
29 |
30 | ### Exercise 1.1: Familiarizing ourselves with the System
31 |
32 | ```bash
33 | mount | grep -i noexec
34 |
35 | mount | grep -i nodev
36 |
37 | mount | grep -i nosuid
38 |
39 | # Approximately how many of your mounted filesystems have each of these values?
40 | ```
41 |
42 | ### Exercise 1.2: Checking Kernel Network Parameters
43 |
44 | ```bash
45 | sysctl -a | grep -i ipv4
46 |
47 | sysctl -a | grep -i ipv6
48 |
49 | # How many of each are there?
50 | ```
51 |
52 | ```bash
53 | sysctl -a | grep -i ipv4 | grep -i forward
54 |
55 | # Does IPv4 forward on interfaces?
56 | ```
57 |
58 | ```bash
59 | lsmod | grep -i tables
60 |
61 | # What type of tables exist?
62 | ```
63 |
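Grepping `sysctl -a` tells you what the values are; the build standard tells you what they must be. The script below is an added example (not part of the lab) that turns a handful of the network `sysctl` checks into a pass/fail audit. The key list is a representative subset I chose from the RHEL STIG's network settings, with the values it expects, not the full 33 the Unit 2 worksheet counts; it reads `/proc/sys` directly, and takes an optional root directory so the same function can be run against a copied or constructed tree.

```shell
#!/usr/bin/env bash
# Added example: audit a representative subset of STIG-style network sysctls.
# Not the lab's code; the key/value list below is my selection for illustration.

# dotted sysctl name = expected value
SYSCTL_EXPECTED="
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_source_route=0
"

# sysctl_audit [ROOT]
# ROOT defaults to /proc/sys. Prints PASS / FAIL / MISSING per key and returns
# the number of FAIL+MISSING findings (capped so it stays a valid exit status).
sysctl_audit() {
    local root=${1:-/proc/sys} kv key want path have findings=0
    for kv in $SYSCTL_EXPECTED; do
        key=${kv%%=*}
        want=${kv#*=}
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            # e.g. ipv6 keys on a host with IPv6 disabled: cannot verify, so flag it
            printf 'MISSING %-45s (no %s)\n' "$key" "$path"
            findings=$((findings + 1))
            continue
        fi
        read -r have < "$path"
        if [ "$have" = "$want" ]; then
            printf 'PASS    %-45s = %s\n' "$key" "$have"
        else
            printf 'FAIL    %-45s = %s (expected %s)\n' "$key" "$have" "$want"
            findings=$((findings + 1))
        fi
    done
    return $(( findings > 125 ? 125 : findings ))
}
```

On the lab box run `sysctl_audit; echo "findings: $?"`. A FAIL is a drift from the standard; a MISSING means the key is not exposed (usually IPv6 disabled), which is a case to document rather than silently pass. Remember that `/proc/sys` is the running value: a matching line in `/etc/sysctl.d/` is not evidence until it has been applied.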
64 | ## Module 2: PreLAB
65 |
66 | 1. Download the STIG Viewer 2.18 from -
67 | 
68 |
69 | 2. Download the STIG for MariaDB and import it into your STIG viewer.
70 | 
71 |
72 | ## Module 3: Lab
73 |
74 | This lab is designed to have the engineer practice securing a Linux server or service
75 | against a set of configuration standards.
76 | These standards are sometimes called benchmarks, checklists, or guidelines.
77 | The engineer will be using STIG Viewer 2.18 to complete this lab.
78 |
79 | ### MariaDB Service configuration:
80 |
81 | 1. Connect to a hammer server.
82 | 2. Install MariaDB.
83 |
84 | ```bash
85 | dnf install mariadb-server
86 |
87 | # Ensure that it is running
88 |
89 | systemctl start mariadb
90 |
91 | systemctl status mariadb
92 |
93 | ss -ntulp | grep 3306
94 | ```
95 |
96 | - Check and remediate v-253666 STIG.
97 | 
98 |
99 | - What is the problem?
100 | - What is the fix?
101 | - What type of control is being implemented?
102 | - Is it set properly on your system?
103 |
104 | Connect to MariaDB locally.
105 |
106 | ```bash
107 | mysql
108 | ```
109 |
110 | Run the SQL command in the STIG's Check Text section:
111 |
112 | ```sql
113 | SELECT user, max_user_connections FROM mysql.user;
114 | ```
115 |
116 | 
117 |
118 | Can you remediate this finding?
119 | 
120 |
121 | - Check and remediate `v-253677 STIG`
122 | - What is the problem?
123 | - What is the fix?
124 | - What type of control is being implemented?
125 | - Is it set properly on your system?
126 | - Check and remediate `v-253678 STIG`
127 | - What is the problem?
128 | - What is the fix?
129 | - What type of control is being implemented?
130 | - Is it set properly on your system?
131 | - Check and remediate `v-253734 STIG`
132 | - What is the problem?
133 | - What is the fix?
134 | - What type of control is being implemented?
135 | - Is it set properly on your system?
136 |
137 | > Be sure to `reboot` the lab machine from the command line when you are done.
138 |
--------------------------------------------------------------------------------
/src/u3ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 3 Worksheet - User Access and System Integration
5 |
6 |
7 |
8 | ## Instructions
9 |
10 | ---
11 |
12 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
13 | the end to turn them in as a final submission packet.
14 |
15 | ### Resources / Important Links
16 |
17 | -
18 | -
19 | -
20 | -
21 | -
22 |
23 | #### Downloads
24 |
25 | The worksheet has been provided below. The document(s) can be transposed to
26 | the desired format so long as the content is preserved. For example, the `.txt`
27 | could be transposed to a `.md` file.
28 |
29 | - 📥 u3_worksheet(`.pdf`)
30 | - 📥 u3_worksheet(`.txt`)
31 |
32 |
33 | ### Unit 3 Recording
34 |
35 |
36 |
37 |
47 |
48 | #### Discussion Post #1
49 |
50 | There are 16 STIGs that involve PAM for RHEL 9.
51 | Read the guide from Rocky Linux here:
52 |
53 | 1. What are the mechanisms and how do they affect PAM functionality?
54 | - Review `/etc/pam.d/sshd` on a Linux system.
55 | What is happening in that file relative to these functionalities?
56 | 2. What are the common PAM modules?
57 | - Review `/etc/pam.d/sshd` on a Linux system.
58 | What is happening in that file relative to these functionalities?
59 | 3. Look for a blog post or article about PAM that discusses real world application.
60 | Post it here and give us a quick synopsis. (Bonus arbitrary points if you find one of our ProLUG members blogs on the subject.)
61 |
62 | #### Discussion Post #2
63 |
64 | Read about active directory (or LDAP) configurations of Linux via `sssd` here:
65 |
66 |
67 | 1. Why do we not want to just use local authentication in Linux? Or really any system?
68 | 2. There are 4 SSSD STIGs.
69 | - What are they?
70 | - What do they seek to do with the system?
71 |
72 |
73 | Submit your input by following the link below.
74 |
75 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
76 |
77 |
78 |
79 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1098309490681598072)
80 |
81 | ## Definitions
82 |
83 | ---
84 |
85 | PAM:
86 |
87 | AD:
88 |
89 | LDAP:
90 |
91 | sssd:
92 |
93 | oddjob:
94 |
95 | krb5:
96 |
97 | realm/realmd:
98 |
99 | wheel (system group in RHEL):
100 |
101 | ## Digging Deeper
102 |
103 | ---
104 |
105 | 1. How does `/etc/security/access.conf` come into play with pam_access?
106 | Read up on it here:
107 | - Can you find any other good resources?
108 | - What is the structure of the access.conf file directives?
109 | 2. What other important user access or user management information do you learn by
110 | reading this?
111 | - What is the contents of the `/etc/login.defs` file? Why do you care?
112 |
113 | ## Reflection Questions
114 |
115 | ---
116 |
117 | 1. What questions do you still have about this week?
118 |
119 | 2. How are you going to use what you've learned in your current role?
120 |
--------------------------------------------------------------------------------
/scripts/generate_resources.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # To be run in the project's root directory
3 | declare RESOURCES_FILE='./src/resources.md'
4 | declare SEARCH_DIR="./src"
5 | declare FILE_PATTERN="*.md"
6 | declare -A ADDED_LINKS
7 |
8 | declare -a FILES
9 | IFS=$'\n' read -r -d '' -a FILES < <(find "$SEARCH_DIR" -maxdepth 1 -mindepth 1 -name "$FILE_PATTERN")
10 |
11 | # truncate file
12 | : > "$RESOURCES_FILE"
13 |
14 | debug() {
15 | printf "[ \033[33mDEBUG\033[0m ]: "
16 | printf "%s\n" "$*"
17 | }
18 |
19 | pull-links() {
20 | local -i COUNT_MD_LINKS=0
21 | local -i COUNT_REG_LINKS=0
22 | local -i COUNT_UF_LINKS=0
23 | local -i DUPLICATES
24 | for FILE in "${FILES[@]}"; do
25 | local UNIT=
26 | [[ "$FILE" == *resources.md ]] && continue
27 | [[ "$FILE" == *unitindex.md ]] && continue
28 |
29 | declare -a RESOURCES
30 |
31 | IFS=$'\n' read -r -d '' -a RESOURCES < <(
32 | grep -i -E '\).* ]]; then
47 | # Link is formatted as:
48 | MARKDOWN_LINK="${BASH_REMATCH[1]}"
49 | COUNT_REG_LINKS+=1
50 | elif [[ $MARKDOWN_LINK =~ .*[^[\<\(](https://[^ \)]+).* ]]; then
51 | # Link is unformatted: http://example.com
52 | MARKDOWN_LINK="${BASH_REMATCH[1]}"
53 | COUNT_UF_LINKS+=1
54 | continue
55 | else
56 | # Link is formatted as: [Link](http://example.com)
57 | COUNT_MD_LINKS+=1
58 | fi
59 | [[ -z $MARKDOWN_LINK ]] && continue
60 |
61 | if printf "%s" "$MARKDOWN_LINK" | grep -i 'github.com'; then
62 | printf "Found GH link in unit %s: %s\n" "$UNIT" "$MARKDOWN_LINK"
63 | fi
64 |
65 | # Fix duplicate problem
66 | # Using grep to check for duplicates created a race condition
67 | # - Add associative array containing links already added
68 | # - Bash can't parse markdown links as associative array keys
69 | # - use md5sum hashes
70 | LINK_HASH=$(printf "%s" "${MARKDOWN_LINK,,}" | sed -E 's/\/([>\)])?$/\1/' | md5sum | cut -d ' ' -f1)
71 | if [[ -z "${ADDED_LINKS["$LINK_HASH"]}" ]]; then
72 | [[ -n $UNIT ]] && sed -i "/^## Unit $UNIT\>/a- $MARKDOWN_LINK" "$RESOURCES_FILE"
73 | [[ -z $UNIT ]] && sed -i "/^## Misc$/a- $MARKDOWN_LINK" "$RESOURCES_FILE"
74 | ADDED_LINKS["$LINK_HASH"]=1
75 | else
76 | debug "Duplicate link found, skipping."
77 | (( DUPLICATES++ ))
78 | fi
79 |
80 | done
81 |
82 | done
83 |
84 | TOTAL_LINK_COUNT=$(( COUNT_MD_LINKS + COUNT_UF_LINKS + COUNT_REG_LINKS ))
85 | cat <<- EOF
86 | REPORT:
87 | - Markdown Links $COUNT_MD_LINKS
88 | - Regular Links $COUNT_REG_LINKS
89 | - Unformatted Links $COUNT_UF_LINKS
90 | Total Links: $TOTAL_LINK_COUNT
91 | Total links added: ${#ADDED_LINKS[@]}
92 |
93 | Duplicates: $DUPLICATES
94 | EOF
95 |
96 | }
97 |
98 | format-resources() {
99 | cat <<- EOF >> "$RESOURCES_FILE"
100 |
101 |
102 |
103 |
Course Resources
104 |
105 |
106 | This is a comprehensive list of all external resources used in this course.
107 |
108 | EOF
109 |
110 | if [[ -f ./src/unitindex.md ]]; then
111 | perl -ne 'print "## Unit $1 - $2\n\n" if s/^[|]\s*(\d+)\s*[|]\s*[[](.*?)[]].*$/\1 \2/' < src/unitindex.md |
112 | tee -a "$RESOURCES_FILE" > /dev/null 2>&1
113 | else
114 | for i in {1..10}; do
115 | printf "## Unit %s\n\n" "$i" >> "$RESOURCES_FILE"
116 | done
117 | fi
118 |
119 | if ! grep -qi -E "^## Misc$" "$RESOURCES_FILE"; then
120 | printf "## Misc\n" >> "$RESOURCES_FILE"
121 | fi
122 | }
123 |
124 | format-resources
125 | pull-links
126 |
--------------------------------------------------------------------------------
/src/u7ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Unit 7 Worksheet - Monitoring and Alerting
8 |
9 |
10 |
11 | ## Instructions
12 |
13 | ---
14 |
15 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
16 | the end to turn them in as a final submission packet.
17 |
18 | ### Resources / Important Links
19 |
20 | -
21 | -
22 | -
23 |
24 | #### Downloads
25 |
26 | The worksheet has been provided below. The document(s) can be transposed to
27 | the desired format so long as the content is preserved. For example, the `.txt`
28 | could be transposed to a `.md` file.
29 |
30 | - 📥 u7_worksheet(`.txt`)
31 | - 📥 u7_worksheet(`.pdf`)
32 |
33 | ### Unit 7 Recording
34 |
35 |
45 |
46 | #### Discussion Post #1
47 |
48 | Read about telemetry, logs, and traces. There are many good sources, even from
49 | Microsoft:
50 |
51 |
52 | 1. How does the usage guidance of that blog (at bottom) align with your
53 | understanding of these three items?
54 |
55 | 2. What other useful blogs or AI write-ups were you able to find?
56 |
57 | 3. What is the usefulness of this in securing your system?
58 |
59 | #### Discussion Post #2
60 |
61 | When we think of our systems, sometimes an airgapped system is simple to think about
62 | because everything is closed in. The idea of alerting or reporting is the opposite.
63 | We are trying to get the correct, timely, and important information out of the system
64 | when and where it is needed.
65 |
66 | Read the summary at the top of:
67 |
68 |
69 | 1. What is the litmus test for a page? (Sending something out of the system?)
70 |
71 | 2. What is over-monitoring v. under-monitoring?
72 | Do you agree with the assessment of the paper?
73 | Why or why not, in your experience?
74 |
75 | 3. What is cause-based v. symptom-based and where do they belong? Do you agree?
76 |
77 |
78 |
79 | Submit your input by following the link below.
80 |
81 | The discussion posts are done in Discord Forums.
82 |
83 |
84 |
85 | - [Link to Discussion Forum](https://discord.com/channels/611027490848374811/1365776270800977962)
86 |
87 | ## Definitions
88 |
89 | ---
90 |
91 | Telemetry
92 |
93 | Tracing
94 |
95 | - Span
96 | - Label
97 |
98 | Time Series Database (TSDB)
99 |
100 | Queue
101 |
102 | Upper control limit / Lower control limit (UCL/LCL)
103 |
104 | Aggregation
105 |
106 | SLO, SLA, SLI
107 |
108 | Push v. Pull of data
109 |
110 | Alerting rules
111 |
112 | Alertmanager
113 |
114 | - Alert template
115 | - Routing
116 | - Throttling
117 |
118 | Monitoring for defensive operations
119 |
120 | - SIEM
121 | - Intrusion Detection Systems - IDS
122 | - Intrusion Prevention Systems - IPS
123 |
124 | ## Digging Deeper
125 |
126 | ---
127 |
128 | 1. Look into Wazuh: [Security Information and Event Management (SIEM). Real Time Monitoring | Wazuh](https://wazuh.com/platform/siem/)
129 |
130 | 1. What are their major capabilities and features (what they advertise)?
131 | 1. What are they doing with logs that increases visibility and usefulness in the security space?
132 | [Log data analysis - Use cases · Wazuh documentation](https://documentation.wazuh.com/current/getting-started/use-cases/log-analysis.html)
133 |
134 | ## Reflection Questions
135 |
136 | ---
137 |
138 | 1. What do I mean when I say that security is an art and not an engineering practice?
139 |
140 | 2. What questions do you still have about this week?
141 |
142 | 3. How are you going to use what you've learned in your current role?
143 |
--------------------------------------------------------------------------------
/src/u4ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 4 Worksheet - Bastions and Jailing Users
5 |
6 |
7 |
8 | ## Instructions
9 |
10 | ---
11 |
12 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
13 | the end to turn them in as a final submission packet.
14 |
15 | ### Resources / Important Links
16 |
17 | -
18 | -
19 | -
20 | -
21 |
22 | #### Downloads
23 |
24 | The worksheet has been provided below. The document(s) can be transposed to
25 | the desired format so long as the content is preserved. For example, the `.txt`
26 | could be transposed to a `.md` file.
27 |
28 | - 📥 u4_worksheet(`.pdf`)
29 | - 📥 u4_worksheet(`.txt`)
30 |
31 | ### Unit 4 Recording
32 |
33 |
34 |
35 |
45 |
46 | #### Discussion Post #1
47 |
48 | Review some of the blogs here:
49 |
50 | -
51 |
52 | -
53 |
54 | Or find some on your own about air-gapped systems.
55 |
56 | 1. What seems to be the theme of air-gapped systems?
57 | 2. What seems to be their purpose?
58 | 3. If you use Google, or an AI, what are some of the common themes that come up when
59 | asked about air-gapped or bastion systems?
60 |
61 | #### Discussion Post #2
62 |
63 | Do a Google or AI search of topics around jailing a user or processes in Linux.
64 |
65 | 1. Can you enumerate the methods of jailing users?
66 | 2. Can you think of when you've been jailed as a Linux user?
67 | If not, can you think of the useful ways to use a jail?
68 |
69 |
70 | Submit your input by following the link below.
71 |
72 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
73 |
74 |
75 |
76 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1098309490681598072)
77 |
78 | ## Definitions
79 |
80 | ---
81 |
82 | Air-gapped
83 |
84 | Bastion
85 |
86 | Jailed process
87 |
88 | Isolation
89 |
90 | Ingress
91 |
92 | Egress
93 |
94 | Exfiltration
95 |
96 | Cgroups
97 |
98 | Namespaces
99 |
100 | - Mount
101 | - PID
102 | - IPC
103 | - UTS
104 |
105 | ## Digging Deeper
106 |
107 | ---
108 |
109 | 1. While this isn't, strictly speaking, an automation course there is some value in
110 | looking at automation of the bastion deployments. Check out this ansible code:
111 |
112 |
113 | - Does the setup make sense to you with our deployment?
114 | - What can improve and make this better?
115 |
116 | 2. Find a blog or github where someone else deploys a bastion. Compare it to our
117 | process.
118 |
119 | 3. Knowing what you now know about bastions, jails, and air-gapped systems, reflect
120 | on the first 3 weeks and all the STIGs you've reviewed and touched. Do any of them
121 | seem moot, or less necessary, if applied in an air-gapped environment?
122 |
123 | - Does your answer change if you read about Zero Trust and know how much of a hot
124 | topic that is in the security world now?
125 | 1. Why or why not?
126 |
127 | 4. Think of a Linux system where you would like to deploy a bastion (If you cannot think
128 | of one, use ProLUG Lab). Draw out how you think the system works in
129 | excalidraw.com.
130 |
131 | ## Reflection Questions
132 |
133 | ---
134 |
135 | 1. Does it matter if the user knows that they are jailed? Why or why not?
136 |
137 | 2. What questions do you still have about this week?
138 |
139 | 3. How are you going to use what you've learned in your current role?
140 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/unit-worksheet-body.md:
--------------------------------------------------------------------------------
1 | # Example Worksheet from LAC Unit 1 Worksheet
2 |
3 | ---
4 |
5 |
6 |
7 |
8 |
Unit 1 Worksheet - Linux File Operations
9 |
10 |
11 |
12 | ## Instructions
13 |
14 | ---
15 |
16 | Fill out the worksheet as you progress through the lab and discussions.
17 | Hold your worksheets until the end to turn them in as a final submission packet.
18 |
19 | ### Resources / Important Links
20 |
21 | - [What is Vim?](https://github.com/vim/vim)
22 | - [The Linux Foundation](https://www.linux.org/pages/download/)
23 | - [Linux CLI Cheatsheets](https://www.digitalocean.com/community/tutorials/linux-commands)
24 |
25 | #### Downloads
26 |
27 | The worksheet has been provided below. The document(s) can be transposed to
28 | the desired format so long as the content is preserved. For example, the `.txt`
29 | could be transposed to a `.md` file.
30 |
31 | - 📥 u1_worksheet(`.txt`)
32 | - 📥 u1_worksheet(`.docx`)
33 |
34 | ### Unit 1 Recording
35 |
36 |
46 |
47 | #### Discussion Post #1
48 |
49 | Using a 0-10 system, rate yourself on how well you think you know each topic in the table below. (You do not have to post this rating).
50 |
51 |
68 |
69 | Next, answer these questions here:
70 |
71 | 1. What do you hope to learn in this course?
72 |
73 | 2. What type of career path are you shooting for?
74 |
75 | #### Discussion Post #2
76 |
77 | 1. Post a job that you are interested in from a local job website. (link or image)
78 |
79 | 2. What do you know how to do in the posting?
80 |
81 | 3. What don't you know how to do in the posting?
82 |
83 | 4. What are you doing to close the gap? What can you do to remedy the difference?
84 |
85 |
86 | Submit your input by following the link below.
87 |
88 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
89 |
90 |
91 |
92 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1098309490681598072)
93 |
94 | ### Start thinking about your project ideas (more to come in future weeks):
95 |
96 | Topics:
97 |
98 | 1. System Stability
99 | 2. System Performance
100 | 3. System Security
101 | 4. System monitoring
102 | 5. Kubernetes
103 | 6. Programming/Automation
104 |
105 | You will research, design, deploy, and document a system that improves your administration of Linux systems in some way.
106 |
107 | ## Definitions
108 |
109 | ---
110 |
111 | Kernel:
112 |
113 | Kernel Args:
114 |
115 | OS Version:
116 |
117 | Modules:
118 |
119 | Mount Points:
120 |
121 | Text Editor:
122 |
123 | ## Digging Deeper
124 |
125 | ---
126 |
127 | 1. Use vimtutor and see how far you get. What did you learn that you did not know about vi/vim?
128 |
129 | 2. Go to and see how far you get. What did you learn that you did not already know about vi/vim?
130 |
131 | 3. Go to and see how far you get with vim. What did you learn that you did not already know about vi/vim?
132 |
133 | ## Reflection Questions
134 |
135 | ---
136 |
137 | 1. What questions do you still have about this week?
138 |
139 | 2. How are you going to use what you’ve learned in your current role?
140 |
--------------------------------------------------------------------------------
/src/u6ws.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 6 Worksheet - Monitoring and Parsing Logs
5 |
6 |
7 |
8 | ## Instructions
9 |
10 | ---
11 |
12 | Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until
13 | the end to turn them in as a final submission packet.
14 |
15 | ### Resources / Important Links
16 |
17 | -
18 | -
19 | -
20 | -
21 |
22 | #### Downloads
23 |
24 | The worksheet has been provided below. The document(s) can be transposed to
25 | the desired format so long as the content is preserved. For example, the `.txt`
26 | could be transposed to a `.md` file.
27 |
28 | - 📥 u6_worksheet(`.pdf`)
29 | - 📥 u6_worksheet(`.txt`)
30 |
31 | ### Unit 6 Recording
32 |
33 |
34 |
35 | #### Discussion Post #1
36 |
37 | Review chapter 15 of the SRE book:
38 | .
39 | There are 14 references at the end of the chapter. Follow them for more information. One of them:
40 | should be reviewed for
41 | question "c".
42 |
43 | - a. What are some concepts that are new to you?
44 | - b. There are 5 conclusions drawn, do you agree with them? Would you add or remove anything from the list?
45 | - c. In Julia Evans's debugging blog, which shows that debugging is just another
46 | form of troubleshooting, what useful things do you learn about the
47 | relationship between these topics? Are there any techniques you already do
48 | that this helps solidify for you?
49 |
50 | #### Discussion Post #2
51 |
52 | Read .
53 |
54 | - What interesting or new things do you learn in this reading? What may you
55 | want to know more about?
56 | - What are the "4 golden signals"?
57 | - After reading these, why is immutability so important to logging? What do you
58 | think the other required items are for logging to be effective?
59 |
60 |
61 | Submit your input by following the link below.
62 |
63 | The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
64 |
65 |
66 |
67 | - [Link to Discussion Posts](https://discord.com/channels/611027490848374811/1365776270800977962)
68 |
69 | ## Definitions
70 |
71 | ---
72 |
73 | Types of logs
74 |
75 | - Application
76 | - Host
77 | - Network
78 | - DB
79 |
80 | Immutable
81 |
82 | Structure of Logs
83 |
84 | - RFC 3164 BSD Syslog
85 | - RFC 5424 IETF Syslog
86 | - Systemd Journal
87 |
88 | Log rotation
89 |
90 | Rsyslog
91 |
92 | Log aggregation
93 |
94 | - ELK
95 | - Splunk
96 | - Graylog
97 | - Loki
98 |
99 | SIEM
100 |
101 | ## Digging Deeper
102 |
103 | ---
104 |
105 | 1. Find a cloud service and see what their logging best practices are for security
106 | incident response. Here is AWS:
107 |
108 | - What are the high level concepts mentioned?
109 | - What are the tools available and what actions do they take?
110 | - What are the manual and automated query capabilities provided, and how
111 | they help you rapidly get to a correct assessment of the logged events?
112 |
113 | 2. Open up that STIG Viewer and filter by "logging" for any of the previous STIGs we've
114 | worked on. (MariaDB has some really good ones.)
115 |
116 | - What seems to be a common theme?
117 | - What types of activities MUST be logged in various applications and operating systems?
118 | - Does it make sense why all logins are tracked?
119 | - Does it make sense why all admin actions, even just attempted admin actions, are logged?
120 |
121 | ## Reflection Questions
122 |
123 | ---
124 |
125 | 1. What architectures have you used in your career?
126 |
127 | - If you haven't yet worked with any of these, what do you think you would
128 | architect in the ProLUG lab (~60 virtual machines, 4 physical machines, 1
129 | NFS share, and 2 Windows laptops?)
130 |
131 | 2. What questions do you still have about this week?
132 |
133 | 3. How are you going to use what you've learned in your current role?
134 |
--------------------------------------------------------------------------------
/src/u8lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 8 Lab - Configuration Drift and Remediation
5 |
6 |
7 |
8 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
9 | > the machine from the command line so that other students will have the intended environment.
10 |
11 | ### Required Materials
12 |
13 | Putty or other connection tool Lab Server
14 |
15 | Root or sudo command access
16 |
17 | STIG Viewer 2.18 (download from )
18 |
19 | #### Downloads
20 |
21 | The lab has been provided below. The document(s) can be transposed to
22 | the desired format so long as the content is preserved. For example, the `.txt`
23 | could be transposed to a `.md` file.
24 |
25 | - 📥 u8_lab(`.txt`)
26 | - 📥 u8_lab(`.pdf`)
27 |
28 | ## Lab 🧪
29 |
30 | These labs focus on configuration drift tracking and remediation.
31 |
32 | ### Operational Activities
33 |
34 | 
35 |
36 | 1. Check your STIG Viewer and go to the RHEL 9 STIGs.
37 |
38 | 2. Set a filter for “change management”.
39 |
40 | - How many STIGs do you see?
41 |
42 | 3. Review the wording, what is meant by a robust change management process?
43 | - Do you think this can be applied in just one STIG? Why or why not?
44 | - What type of control is being implemented with change management in these STIGs?
45 | - Is it different across the STIGs or all the same?
46 |
47 | ### Monitoring configuration drift with Aide
48 |
49 | 1. Go into the sandbox lab:
50 |
51 | 2. Install aide and watch the installation happen.
52 |
53 | ```bash
54 | apt -y install aide
55 | ```
56 |
57 | - What is being put in the path `/etc/aide/aide.conf.d/`?
58 | - How many files are in there?
59 |
60 | 3. Check your version of aide
61 |
62 | ```bash
63 | aide -v
64 | ```
65 |
66 | 4. Read the man page (first page).
67 |
68 | ```bash
69 | man aide
70 | ```
71 |
72 | - What does aide try to do, and how does it do it?
73 |
74 | 5. What is the configuration of cron found in `/etc/cron.daily/dailyaidecheck`?
75 |
76 | - What does this attempt to do?
77 | - What checks are there before execution?
78 | - Read the man for `capsh`, what is it used for?
79 |
80 | 6. Set up aide according to the default configuration
81 | ```bash
82 | time aide -i -c /etc/aide/aide.conf
83 | ```
84 | - How long did that take?
85 | - How much time was wall clock v. system/user time?
86 | - Why might you want to know this on your systems?
87 | - What do you notice about the output?
88 | 1. What do you need to go read about?
89 |
90 | 
91 |
92 | (Mine took 5 minutes 8 seconds to run on the lab system)
93 |
94 | 7. Set the database up properly
95 |
96 | ```bash
97 | cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
98 | ```
99 |
100 | 8. Test aide by making files in a tracked directory
101 |
102 | ```bash
103 | mkdir /root/prolug
104 | touch /root/prolug/test1
105 | touch /root/prolug/test2
106 | time aide -c /etc/aide/aide.conf --check
107 | ```
108 |
109 | - Did you see your new files created?
110 | - How long did this take to run?
111 | 1. What type of usage do you see against user/system space?
112 |
113 | 
114 |
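To see the mechanism behind what AIDE is doing in steps 6 through 8 (hash every tracked file once, keep that as the database, re-hash later and diff), here is a small stand-in written for this page. It is an added example, not AIDE and not part of the lab; the `integrity_init` / `integrity_check` / `integrity_accept` names are this example's own, and the directory it builds is a constructed throwaway that stands in for the real filesystem.

```bash
#!/usr/bin/env bash
# Added example (not AIDE, not part of the lab): the hash-and-compare loop an
# integrity checker runs, reduced to a few shell functions. Paths are hypothetical.

# integrity_init DIR DBFILE
#   Hash every regular file under DIR into DBFILE ("hash  ./path" per line).
#   Equivalent in spirit to `aide -i` writing aide.db.new.
integrity_init() {
    local dir=$1 db=$2
    (cd "$dir" && find . -type f -exec sha256sum {} + | sort -k 2) > "$db"
}

# integrity_check DIR DBFILE
#   Re-hash DIR and print ADDED / CHANGED / REMOVED paths relative to DBFILE.
#   Returns 0 when nothing differs, 1 otherwise (like `aide --check`).
#   Paths containing whitespace are not handled by this simplified parser.
integrity_check() {
    local dir=$1 db=$2 now report
    now=$(mktemp)
    integrity_init "$dir" "$now"
    report=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }      # baseline: hash path
        {
            cur[$2] = $1                                  # current state
            if (!($2 in base))        print "ADDED   " $2
            else if (base[$2] != $1)  print "CHANGED " $2
        }
        END { for (p in base) if (!(p in cur)) print "REMOVED " p }
    ' "$db" "$now" | sort)
    rm -f "$now"
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# integrity_accept DIR DBFILE
#   Re-baseline after reviewed, intentional changes: the `cp aide.db.new aide.db` step.
integrity_accept() {
    integrity_init "$1" "$2"
}

# Demonstration on a constructed throwaway tree standing in for the real filesystem.
demo() {
    local tree db
    tree=$(mktemp -d); db=$(mktemp)
    mkdir -p "$tree/etc" "$tree/root/prolug"
    printf 'PermitRootLogin no\n' > "$tree/etc/sshd_config"
    printf 'root:x:0:0\n'         > "$tree/etc/passwd"
    integrity_init "$tree" "$db"                                # baseline taken
    touch "$tree/root/prolug/test1" "$tree/root/prolug/test2"   # the lab's new files
    printf 'PermitRootLogin yes\n' > "$tree/etc/sshd_config"    # content drift
    rm "$tree/etc/passwd"                                       # a removal
    integrity_check "$tree" "$db" || echo "drift detected (exit $?)"
    rm -rf "$tree" "$db"
}
demo
```

The point of the demo is the same one the lab makes with `test1` and `test2`: the database is only as trustworthy as the moment it was taken, so the baseline must be captured on a known-good system and re-accepted only after every reported change has been explained. AIDE adds what this omits (permissions, ownership, inode and mtime attributes, per-path rules, and a signed or offline database), which is why its run takes minutes rather than milliseconds.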
115 | ### Using Ansible to fix drift
116 |
117 | 1. Complete the lab here:
118 |
119 | 2. When you finish ensure that you see broken output for 8081, as required.
120 |
121 | ```bash
122 | curl node01:8081
123 | ```
124 |
125 | 3. One of the dev teams figured out they could modify the `test` and `qa`
126 | environments because a previous engineer left them in the sudoers file. You can
127 | address that separately with the security team, but for now you need to get those
128 | environments back to working. Run your original deployment command to see if it sets
129 | the environment back properly.
130 |
131 | ```bash
132 | ansible-playbook -i /root/hosts /root/web_environment.yaml
133 | ```
134 |
135 | 
136 |
137 | - Did this force the system back into a working configuration?
138 | - If it worked, would it always work, or would the systems need manual
139 | intervention?
140 | - What is your test? (hint: `curl` the ports `8080`, `8081`, and `8082` from previous commands)
141 | - Could this cause potential problems in the environment?
142 | - If so, is that problem based on technology or operational practices? Why?
143 |
144 | ### Digging Deeper challenge (not required for finishing lab)
145 |
146 | 1. Complete this lab:
147 | - Can you think about how you’d use this to verify that a system was stamped
148 | according to your build process?
149 | - You may have to tie it in with something like this lab and add some variables
150 | to your custom facts files, maybe the date of deployment:
151 |
152 |
153 | > Be sure to `reboot` the lab machine from the command line when you are done.
154 |
--------------------------------------------------------------------------------
/src/assets/downloads/u2/u2_lab.txt:
--------------------------------------------------------------------------------
1 | Unit 2 Lab - Network Standards and
2 | Compliance
3 |
4 | Required Materials
5 |
6 | Putty or other connection tool Lab Server
7 | Root or sudo command access
8 | STIG Viewer 2.18 (download from https://public.cyber.mil/stigs/downloads/ )
9 |
10 |
11 | EXERCISES (Warmup to quickly run through your system and familiarize yourself)
12 |
13 | 1. sysctl -a | grep -i ipv4 | grep -i forward
14 | 1. Does this system appear to be set to forward? Why or why not?
15 | 2. sysctl -a | grep -i ipv4 | grep -i martian
16 | 1. What are martians and is this system allowing them?
17 | 3. sysctl -a | grep -i panic
18 | 1. How does this system handle panics?
19 | 4. sysctl -a | grep -i crypto
20 | 1. What are the settings you see? Is FIPS enabled?
21 | 5. cat /proc/cmdline
22 | 6. fips-mode-setup --check
23 | 7. sestatus
24 | 8. cat /etc/selinux/config
25 | 1. What information about the security posture of the system can you see here?
26 | 1. Can you verify SELINUX status?
27 | 2. Can you verify FIPS status?
28 |
29 | PreLAB
30 |
31 | Download the STIG Viewer 2.18 from - https://public.cyber.mil/stigs/downloads/
32 | Download the STIG for RHEL 9 and the import it into your STIG viewer
33 | Create a checklist from the opened STIG for RHEL 9
34 |
35 | LAB
36 |
37 | This lab is designed to have the engineer practice securing a Linux server or service against a set of configuration standards. These standards are sometimes called benchmarks, checklists, or guidelines. The engineer will be using STIG Viewer 2.18 to complete this lab.
38 |
39 | Network Service configuration:
40 |
41 | 1. Connect to a hammer server
42 | 2. Filter by ipv4 and see how many STIGS you have.
43 | 3. Examine STIG V-257957
44 | 1. What is the problem?
45 | 2. What is the fix?
46 | 3. What type of control is being implemented?
47 | 4. Is it set properly on your system?
48 | 1. sysctl -a | grep -i ipv4 | grep -i syncookies
49 | 2. Can you remediate this finding?
50 |
51 | In this case it's already correctly set.
52 |
53 | But if we needed to, we would set that value in /etc/sysctl.d/00-remediate.conf
54 | And then reload sysctl with `sysctl --system`
55 |
56 | 5. Check and remediate V-257958 STIG
57 | 1. What is the problem?
58 | 2. What is the fix?
59 | 3. What type of control is being implemented?
60 | 4. Is it set properly on your system?
61 | 5. How would you go about remediating this on your system?
62 |
63 | 6. Check and remediate V-257960 and V-257961 STIGs
64 | 1. What is the problem? How are they related?
65 | 2. What is the fix?
66 | 3. What type of control is being implemented?
67 | 4. Is it set properly on your system?
68 | 7. Filter by firewall
69 | 1. How many STIGS do you see?
70 | 2. What do these STIGS appear to be trying to do? What types of controls are they?
71 |
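A worked version of the check-and-remediate loop above, added here as an example rather than as part of the lab: it audits a few of the sysctl keys from the warmup (syncookies, forwarding, martian logging) against a baseline and emits the lines you would drop into /etc/sysctl.d/00-remediate.conf. The baseline values and the sample `sysctl -a` output are constructed for illustration, not taken from a hammer server or from the STIG text, and the script only reads text, so it can be run anywhere.

```bash
#!/usr/bin/env bash
# Added example (not part of the lab): audit sysctl keys against an expected
# baseline and emit a sysctl.d drop-in for whatever is out of compliance.
# The baseline values below are assumptions for illustration, not STIG text.

# Expected settings, one "key=value" per line.
SYSCTL_BASELINE='net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.rp_filter=1'

# Constructed sample of `sysctl -a` output: syncookies already correct,
# forwarding on (wrong for a non-router), martian logging off, rp_filter absent.
SAMPLE_SYSCTL='net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0'

# audit_sysctl SYSCTL_OUTPUT
#   One line per baseline key: "OK key=value" or
#   "FAIL key current=X expected=Y" (current is "missing" if the key is absent).
#   Only the first value token is compared, so multi-value keys need extra care.
audit_sysctl() {
    local output=$1 key expected current
    while IFS='=' read -r key expected; do
        [ -n "$key" ] || continue
        current=$(printf '%s\n' "$output" | awk -v k="$key" '$1 == k { print $3; exit }')
        if [ "$current" = "$expected" ]; then
            printf 'OK %s=%s\n' "$key" "$expected"
        else
            printf 'FAIL %s current=%s expected=%s\n' "$key" "${current:-missing}" "$expected"
        fi
    done <<EOF
$SYSCTL_BASELINE
EOF
}

# remediation_dropin SYSCTL_OUTPUT
#   Contents for a drop-in such as /etc/sysctl.d/00-remediate.conf: only the
#   failed keys, in "key = value" form. Apply with `sysctl --system`.
remediation_dropin() {
    audit_sysctl "$1" | awk '$1 == "FAIL" { split($4, ev, "="); print $2 " = " ev[2] }'
}

audit_sysctl "$SAMPLE_SYSCTL"
echo "# drop-in:"
remediation_dropin "$SAMPLE_SYSCTL"
```

On a real host, feed it live output with `audit_sysctl "$(sysctl -a 2>/dev/null)"`, write the drop-in, then run `sysctl --system` and audit again; the second audit is your proof that the finding is closed. A key reported as `missing` usually means the module or interface that provides it is not loaded, which is a different finding from a wrong value.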
72 |
73 | Firewall port exposure
74 |
75 | Your team needs to use node_exporter with Prometheus to allow scraping of system information back to your network monitoring solution. You are running a firewall, so you need to expose the port that node_exporter runs on to the network outside of your system.
76 |
77 | 7. Expose a network port through your firewall
78 | 1. Verify that your firewall is running: systemctl status firewalld
79 | 2. Verify that your firewall has the service defined: firewall-cmd --get-services | grep -i node
80 | ls /usr/lib/firewalld/services | grep -i node
81 | 3. Verify that the service is not currently enabled for node_exporter: firewall-cmd --list-services
82 | 4. Examine the structure of the firewall .xml file:
83 | cat /usr/lib/firewalld/services/prometheus-node-exporter.xml
84 | 5. Enable the service through your firewall:
85 | firewall-cmd --permanent --add-service=prometheus-node-exporter && firewall-cmd --reload
86 | 6. Verify that the service is currently enabled for node_exporter: firewall-cmd --list-services
87 |
88 | Automate STIG remediation on a system
89 |
90 | There are many options, and the STIG remediation steps are well known. Here the learner will examine a few ways to generate Ansible and shell fixes for the system, and then apply all of them, or just
91 | some of them. Weighing that tradeoff between security and productivity is the real value of a security-focused Linux engineer.
92 |
93 | 8. Download and extract a STIG remediation tool
94 |
95 | cd /root && mkdir stigs && cd stigs
96 | wget -O U_RHEL_9_V2R3_STIG_Ansible.zip https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R3_STIG_Ansible.zip
97 | unzip U_RHEL_9_V2R3_STIG_Ansible.zip
98 | mkdir ansible
99 | cp rhel9STIG-ansible.zip ansible/
100 | cd ansible
101 | unzip rhel9STIG-ansible.zip
102 |
103 |
104 | 9. Examine the default values for stigs
105 |
106 | vim /root/stigs/ansible/roles/rhel9STIG/defaults/main.yml
107 |
108 | Search for a few of the STIG numbers you used earlier and see their default values.
109 | #use /257784 to search
110 |
111 | 10. Examine the playbook to see how those are applied in a running system.
112 |
113 | vim /root/stigs/ansible/roles/rhel9STIG/tasks/main.yml
114 |
115 | #use /257784 to search for the STIG from above and see how it is fixed in the playbook.
116 |
117 | 11. Create an Ansible playbook from openscap.
118 |
119 | dnf -y install openscap-scanner openscap-utils scap-security-guide
120 |
121 | #Generate the Ansible (ospp selects the OSPP profile; use --profile stig for the DISA STIG profile)
122 | oscap xccdf generate fix --profile ospp --fix-type ansible /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml > draft-disa-remediate.yml
123 |
124 | #Examine the file
125 | vim draft-disa-remediate.yml
126 |
127 | #Generate a BASH version
128 | oscap xccdf generate fix --profile ospp --fix-type bash /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml > draft-disa-remediate.sh
129 |
130 | #Examine the file
131 | vim draft-disa-remediate.sh
--------------------------------------------------------------------------------
/src/development.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Contributing and Local Development
5 |
6 |
7 |
8 | It is strongly encouraged that contributors test their changes before making
9 | commits. To help facilitate this process a set of instructions and guidelines
10 | are provided below. These guidelines are by no means a requirement or the only
11 | set of procedures to locally develop on this project.
12 |
13 | The examples, code, and commands provided below were developed using such
14 | technologies as Ansible, containers, bash scripts, and more.
15 |
16 | ## Build Dependencies
17 |
18 | ---
19 |
20 | The ProLUG Security Course (psc) utilizes [mdBook](https://github.com/rust-lang/mdBook)
21 | (markdown Book), a friendly and popular markdown utility that quickly exports
22 | files and web structures for documentation or general website use cases.
23 |
24 | Utilizing mdBook this course then deploys the exported web structure to a
25 | [Git Pages workflow](https://docs.github.com/en/pages/getting-started-with-github-pages/using-custom-workflows-with-github-pages) and runner that then produces an easily navigable website.
26 |
27 | Below is the current workflow that deploys the Git Page for the course:
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 | To achieve this deployment locally the following environment and dependencies are
36 | required:
37 |
38 |
39 |
1. A localhost, this could be a container, virtual machine, or local machine
40 |
2. The following packages installed on such machine:
41 |
- httpd or apache
42 |
- git
43 |
- gcc
44 |
- rust
45 |
- cargo
46 |
3. And a clone of a ProLUG repository
47 |
48 |
49 | ## Building, Deploying, and Developing Locally
50 |
51 | ---
52 |
53 | Below is a set of scripts and Ansible-Playbooks that can quickly achieve this
54 | environment in an automated fashion. They are only designed to "standup" these
55 | machines, they are otherwise unintelligent and will not manage or cleanup
56 | environments if things go awry.
57 |
58 | ### Ansible-Playbook
59 |
60 |
61 |
62 | To use this playbook, your machine(s)/containers must be configured correctly for Ansible.
63 | If you don't know the requirements to administer a machine via Ansible documentation
64 | has been provided below.
65 |
66 |
67 | This playbook attempts to install and initialize dependencies based on APT and DNF package managers only.
68 |
69 |
70 | Getting started with Ansible:
71 |
72 |
73 | ### Bash Script
74 |
75 | Many of these commands assume a root user.
76 |
77 | Export and execute this script to your machine/container.
78 |
79 |
80 |
81 | Dependencies can total over ~500MB compressed and 1-2GB unpackaged or more.
82 |
83 | Debian containers/machines will require building many of these packages from
84 | source or adding additional repositories, because Debian adopts new package
85 | versions far more slowly for stability; it is therefore not recommended for deploying mdBook.
86 |
87 |
88 |
89 | These scripts will take up to 5-7 minutes to download the necessary dependencies
90 | and compile mdBook depending on the machine/container's capabilities.
91 |
92 | Tested with Rocky 9 and Ubuntu 24.04 Containers.
93 |
94 | APT frontends:
95 |
96 | ```bash
97 | #!/usr/bin/env bash
98 | apt-get update
99 | apt-get -y install apache2 git gcc rustc-1.80 cargo-1.80
100 | cargo-1.80 install --locked mdbook@0.4.48
101 | systemctl enable --now apache2
102 | cd && git clone https://github.com/ProfessionalLinuxUsersGroup/psc
103 | echo 'PATH=$PATH:~/.cargo/bin/' | tee -a ~/.profile
104 | export PATH=$PATH:~/.cargo/bin/ && echo $PATH | grep cargo
105 | cd ~/psc && mdbook build -d /var/www/html
106 | systemctl restart apache2
107 | ```
108 |
109 | DNF frontends:
110 |
111 | ```bash
112 | #!/usr/bin/env bash
113 | dnf -y update
114 | dnf install -y httpd git gcc rust cargo
115 | cargo install --locked mdbook
116 | systemctl enable --now httpd
117 | cd && git clone https://github.com/ProfessionalLinuxUsersGroup/psc
118 | echo 'PATH=$PATH:~/.cargo/bin/' | tee -a ~/.bash_profile
119 | export PATH=$PATH:~/.cargo/bin/ && echo $PATH | grep cargo
120 | cd ~/psc && mdbook build -d /var/www/html
121 | systemctl restart httpd
122 | ```
123 |
124 | #### From here you can use such commands from your localhost to implement changes:
125 |
126 | ```bash
127 | cd {working psc directory} #for example: /root/psc or ~/psc
128 | mdbook build -d /var/www/html
129 | systemctl restart {httpd or apache}
130 | ```
131 |
132 | These commands will switch your shell into the appropriate directory, execute
133 | the necessary cargo binaries located in its installed PATH, build the mdBook
134 | from any files that were changed, and then finally restart the web server.
135 |
136 | From there you should be able to see any changes you have made are reflected.
137 |
138 | #### Or send commands over to a networked container or machine:
139 |
140 | **Note:** To minimize complexity and given the nature of commands over SSH,
141 | these commands will need to utilize absolute paths.
142 |
143 | ```bash
144 | scp {working directory}/{targeted document} {TARGET_IP}:/root/psc/src/{targeted document}
145 | ssh {TARGET_IP} "cd /root/psc && ~/.cargo/bin/mdbook build -d /var/www/html && systemctl restart httpd"
146 | ```
147 |
148 | An example of the workflow after making changes:
149 |
150 | ```bash
151 | scp src/development.md 172.16.15.8:/root/psc/src/
152 | ssh 172.16.15.8 "cd /root/psc && ~/.cargo/bin/mdbook build -d /var/www/html && systemctl restart httpd"
153 | ```
154 |
155 |
156 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/unit-bonus-body.md:
--------------------------------------------------------------------------------
1 | # Example Bonus 🍒 from LAC Unit 1 Bonus
2 |
3 | ---
4 |
5 |
6 |
7 |
8 |
Unit 1 Bonus - VIM Fundamentals for Linux Sysadmins
9 |
10 |
11 |
12 | > **NOTE:** This is an **optional** bonus section. You **do not** need to read it, but if you're interested in digging deeper, this is for you.
13 |
14 | ## Module 1: Getting Started (Days 1-2)
15 |
16 | ---
17 |
18 | ### Day 1: First Contact with VIM
19 |
20 | **Segment 1: The Basics**
21 |
22 | 1. Complete first section of `vimtutor`
23 | 2. Learn essential commands:
24 | - `vim filename` - Open/create file
25 | - `i` - Enter insert mode
26 | - `Esc` - Return to normal mode
27 | - `:w` - Save changes
28 | - `:q` - Quit
29 | - `:wq` or `ZZ` - Save and quit
30 | - `:q!` - Quit without saving
31 |
32 | **Segment 2: Building Muscle Memory**
33 |
34 | 1. Create five different files
35 | 2. Practice mode switching 50 times
36 | 3. Write and save content in each file
37 | 4. Practice recovering from common mistakes:
38 | - Accidentally pressed keys in normal mode
39 | - Forgot to enter insert mode
40 | - Trying to quit without saving
41 |
42 | **Segment 3: First Real Task**
43 |
44 | 1. Create a simple bash script template
45 | 2. Add standard sections:
46 | - Shebang line
47 | - Comments
48 | - Basic variables
49 | - Simple functions
50 | 3. Save and reopen multiple times
51 |
52 | ### Day 2: Comfort Zone
53 |
54 | **Segment 1: More Basic Operations**
55 |
56 | 1. Complete second section of `vimtutor`
57 | 2. Practice quick save and exit combinations
58 | 3. Learn to read VIM messages and errors
59 | 4. Understand modes in depth:
60 | - Normal mode
61 | - Insert mode
62 | - Visual mode (introduction)
63 |
64 | **Segment 2: Error Recovery**
65 |
66 | 1. Create deliberate errors and fix them:
67 | - Write without insert mode
68 | - Exit without saving needed changes
69 | - Get stuck in different modes
70 | 2. Practice until you can recover without thinking
71 |
72 | **Segment 3: Real Config Practice**
73 |
74 | 1. Copy `/etc/hosts` file
75 | 2. Make various modifications:
76 | - Add new host entries
77 | - Modify existing entries
78 | - Add comments
79 | - Save different versions
80 |
81 | ## Module 2: Navigation (Days 3-4)
82 |
83 | ---
84 |
85 | ### Day 3: Basic Movement
86 |
87 | **Segment 1: Core Movement Commands**
88 |
89 | - Master the basics:
90 | - `h` - Left
91 | - `j` - Down
92 | - `k` - Up
93 | - `l` - Right
94 | - `w` - Next word
95 | - `b` - Previous word
96 | - `0` - Line start
97 | - `$` - Line end
98 |
99 | **Segment 2: Movement Drills**
100 |
101 | 1. Create a "movement course" file
102 | 2. Practice moving between marked points
103 | 3. Time your navigation speed
104 | 4. Compete against your previous times
105 |
106 | **Segment 3: Applied Navigation**
107 |
108 | 1. Navigate through `/etc/ssh/sshd_config`:
109 | - Find specific settings
110 | - Move between sections
111 | - Locate comments
112 | - Jump to line numbers
113 |
114 | ### Day 4: Advanced Movement
115 |
116 | **Segment 1: Extended Movement**
117 |
118 | - Learn efficient jumps:
119 | - `gg` - File start
120 | - `G` - File end
121 | - `{` - Previous paragraph
122 | - `}` - Next paragraph
123 | - `Ctrl+f` - Page down
124 | - `Ctrl+b` - Page up
125 |
126 | **Segment 2: Speed Training**
127 |
128 | 1. Work with a large configuration file
129 | 2. Practice jumping between sections
130 | 3. Find specific lines quickly
131 | 4. Navigate through code blocks
132 |
133 | **Segment 3: Real-world Navigation**
134 |
135 | 1. Work with system logs
136 | 2. Jump between error messages
137 | 3. Navigate through long configuration files
138 | 4. Practice quick file browsing
139 |
140 | ## Module 3: Essential Editing (Days 5-7)
141 |
142 | ---
143 |
144 | ### Day 5: Basic Editing
145 |
146 | **Segment 1: Edit Commands**
147 |
148 | - Master core editing:
149 | - `x` - Delete character
150 | - `dd` - Delete line
151 | - `yy` - Copy line
152 | - `p` - Paste after
153 | - `P` - Paste before
154 | - `u` - Undo
155 | - `Ctrl + r` - Redo
156 |
157 | **Segment 2: Editing Drills**
158 |
159 | 1. Create practice documents
160 | 2. Delete and replace text
161 | 3. Copy and paste sections
162 | 4. Practice undo/redo chains
163 |
164 | **Segment 3: System File Editing**
165 |
166 | 1. Work with `/etc/fstab` copy:
167 | - Add mount points
168 | - Remove entries
169 | - Comment lines
170 | - Fix formatting
171 |
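The practice in Day 2 Segment 3 (`/etc/hosts`) and in this segment (`/etc/fstab`) is done on copies. The script below is an added example, not part of the original plan, for making those copies safely: it keeps them in a private scratch directory so that a copy of something like `sshd_config` does not end up world-readable, numbers each saved version, and diffs versions against each other. `VIM_PRACTICE_DIR`, the `.d` directory layout and the `.vN` version names are this example's own conventions.

```bash
#!/usr/bin/env bash
# Added example: keep practice copies of system files in a private scratch
# directory, checkpoint each saved version, and diff them. Not part of the
# original practice plan; VIM_PRACTICE_DIR and the file layout are assumptions.
set -eu

VIM_PRACTICE_DIR="${VIM_PRACTICE_DIR:-${HOME:-/tmp}/vim-practice}"

# make_workcopy SRC -> prints the path of a fresh working copy of SRC.
# umask 077 keeps copies of sensitive files private even when the original is
# world-readable; cp -p keeps the original timestamps so diffs stay meaningful.
make_workcopy() {
    local src="$1" name dir
    name=$(basename "$src")
    dir="$VIM_PRACTICE_DIR/$name.d"
    ( umask 077; mkdir -p "$dir"; cp -p "$src" "$dir/$name"; chmod u+rw,go-rwx "$dir/$name" )
    cp -p "$dir/$name" "$dir/$name.v0"    # v0 is the untouched baseline
    printf '%s\n' "$dir/$name"
}

# checkpoint WORKCOPY -> saves the next numbered version (v1, v2, ...) and prints its path
checkpoint() {
    local work="$1" n=1
    while [ -e "$work.v$n" ]; do n=$((n + 1)); done
    cp -p "$work" "$work.v$n"
    printf '%s\n' "$work.v$n"
}

# diff_versions WORKCOPY N M -> unified diff between version N and version M (0 = baseline)
diff_versions() {
    diff -u "$1.v$2" "$1.v$3"
}

# edit_practice SRC -> open a working copy in vim, checkpoint it, show what changed.
# vim's swap file (and backup file, if 'backup' is set) is written next to the
# file, so it also stays inside the private scratch directory.
edit_practice() {
    local work
    work=$(make_workcopy "$1")
    vim "$work"
    checkpoint "$work" >/dev/null
    diff_versions "$work" 0 1 || true    # diff exits 1 whenever the files differ
}

if [ "${1:-}" != "" ]; then
    edit_practice "$1"
fi
```

`bash practice.sh /etc/fstab` opens a fresh copy in vim; after `:wq` the result is saved as `v1` and diffed against the untouched `v0`. Call `checkpoint` again after each round of edits to keep the "different versions" the segments ask for, and `diff_versions copy 0 3` to compare any two of them.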
172 | ### Day 6: Intermediate Editing
173 |
174 | **Segment 1: Combined Commands**
175 |
176 | - Learn efficient combinations:
177 | - `dw` - Delete word
178 | - `d$` - Delete to line end
179 | - `d0` - Delete to line start
180 | - `cc` - Change whole line
181 | - `cw` - Change word
182 |
183 | **Segment 2: Practical Application**
184 |
185 | 1. Edit copies of service configuration files
186 | 2. Modify system settings on a copy, then `diff` it against the original before applying anything
187 | 3. Update network configurations (copies)
188 | 4. Clean up log files: practice on copies only; live logs are evidence and are rotated by `logrotate`, not edited by hand
189 |
190 | **Segment 3: Speed Challenges**
191 |
192 | 1. Timed editing tasks
193 | 2. Configuration file cleanup
194 | 3. Quick text transformation
195 | 4. Error correction sprints
196 |
197 | ### Day 7: Editing Mastery
198 |
199 | **Segment 1: Advanced Operations**
200 |
201 | - Master text objects:
202 | - `ciw` - Change inner word
203 | - `ci"` - Change inside quotes
204 | - `di(` - Delete inside parentheses
205 | - `yi{` - Yank inside braces
206 |
207 | **Segment 2: Integration Practice**
208 |
209 | 1. Combine all learned commands
210 | 2. Work with multiple files
211 | 3. Practice common scenarios
212 | 4. Time your operations
213 |
214 | ## Daily Success Metrics
215 |
216 | ---
217 |
218 | By end of each day, you should be able to:
219 |
220 | - Day 1: Open, edit, save, and exit files confidently
221 | - Day 2: Understand and recover from common errors
222 | - Day 3: Navigate small files without arrow keys
223 | - Day 4: Move through large files efficiently
224 | - Day 5: Perform basic edits without hesitation
225 | - Day 6: Combine movement and editing commands
226 | - Day 7: Edit configuration files with confidence
227 |
228 | ## Practice Tips
229 |
230 | ---
231 |
232 | 1. Use `vimtutor` during breaks
233 | 2. Disable arrow keys completely
234 | 3. Keep a command log of new discoveries
235 | 4. Time your editing operations
236 | 5. Practice with real system files (copies)
237 |
238 | Remember: Focus on accuracy first, then build speed.
239 |
240 | ## Downloads
241 |
--------------------------------------------------------------------------------
/src/syllabus.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
ProLUG Security Engineering Course
5 |
6 |
7 |
8 | Welcome to the ProLUG Security Engineering Course Book.
9 |
10 | ## This Book
11 |
12 | Contains all materials pertaining to the course including links to external resources.
13 | It has been put together with care by a number of ProLUG group members referencing original
14 | instructional materials produced by Scott Champine (Het Tanis).
15 |
16 | The content is version controlled with Git and stored here:
17 |
18 | Furthermore, the book has been built with mdbook for ease of navigation. Be sure to try the search functionality.
19 |
20 | ### Course Description
21 |
22 | This course addresses how to secure Linux in a corporate environment. It focuses on adhering
23 | to regulations, best practices, and industry standards, and introduces the concept of controls,
24 | their implementation, and how they fit into the overall security posture. The learner will practice securely
25 | building, deploying, integrating, and monitoring Linux systems. Standard security documentation and
26 | reporting will be practiced throughout, to better prepare the learner for the industry.
27 |
28 | ### Prerequisite(s) and/or Corequisite(s):
29 |
30 | Prerequisites: None
31 |
32 | **Credit hours: N/A**
33 |
34 | **Contact hours: 100 (40 Theory Hours, 60 Lab Hours)**
35 |
36 | ## Course Summary
37 |
38 | ### Major Instructional Areas
39 |
40 | - Build Standards and Compliance
41 | - Securing the Network Connection
42 | - User Access and System Integration
43 | - Bastion Hosts and Air-Gaps
44 | - Updating Systems and Patch Cycles
45 | - Monitoring and Parsing Logs
46 | - Monitoring and Alerting
47 | - Configuration drift and Remediation
48 | - Certificate and Key Madness
49 |
50 | ### Course Objectives
51 |
52 | - Build and configure a Linux system to adhere to compliance frameworks
53 | - Integrate Linux into a network in a secure fashion
54 | - Integrate Linux with enterprise Identity and Access Management (IAM) frameworks
55 | - Implement user ingress controls to a system/network with bastion frameworks
56 | - Update Linux to resolve security vulnerabilities and report out to security teams
57 | - Design logging workflows that move event logs off of systems for real-time monitoring
58 | - Monitor and alert on events in Linux
59 | - Detect and remediate system configuration drift
60 |
61 | #### Written Discussions
62 |
63 | Are assigned as 'Discussion Posts' within each unit. Discussions generally take place
64 | within the Discord Server under #prolug-projects. More specifically, each unit will
65 | contain links to particular discussion posts within #prolug-projects.
66 |
67 | #### Completing the Course
68 |
69 | In order to complete this course students must participate in group discussions and
70 | complete provided labs. Additionally, students are to propose and complete a final
71 | project involving skills learned from the course.
72 |
73 |
74 |
75 |
76 |
77 | #### Recommended Tools, Resources, and Frameworks
78 |
79 | - Killercoda:
80 | - STIG Resources:
81 | - Recommended (but not required) STIG Viewer: v2.18
82 | - NIST:
83 | - Open Worldwide Application Security Project Top 10:
84 | - CIS Controls and Benchmarks:
85 |
86 | ### Required Resources
87 |
88 | #### Option #1 (Killercoda Machine)
89 |
90 | Cloud Lab server running Ubuntu on Killercoda.
91 |
92 | Minimal resources can accomplish our tasks
93 |
94 | - 1 CPU
95 | - 2 GB Ram
96 | - 30 GB Hard Drive
97 | - Network Interface (IP already setup)
98 |
99 | #### Option #2 (Home Lab)
100 |
101 | Local VM running RHEL, Fedora, or Rocky
102 |
103 | Minimal resources
104 |
105 | - 1 CPU
106 | - 2GB RAM
107 | - Network Interface (Bridged)
108 |
109 | #### Option #3 (ProLUG Remote Lab)
110 |
111 | ProLUG Lab access to Rocky 9.4+ instance.
112 |
113 | Minimal resources can accomplish our tasks
114 |
115 | - 1 CPU
116 | - 4 GB RAM
117 | - Network Interface (IP already setup)
118 |
119 |
120 |
121 | ### Course Plan
122 |
123 | #### Instructional Methods
124 |
125 | This course is designed to promote learner-centered activities and support the development of Linux
126 | security skills. The course utilizes individual and group learning activities, performance-driven
127 | assignments, problem-based cases, projects, and discussions. These methods focus on building
128 | engaging learning experiences conducive to development of critical knowledge and skills that can be
129 | effectively applied in professional contexts.
130 |
131 | #### Class Size
132 |
133 | This class will effectively engage 40-60 learners.
134 |
135 | #### Class Schedule
136 |
137 |
138 |
139 | Class will meet in weekend (brown bag) sessions, once per week for 10 weeks, for a total
140 | of 10 sessions.
141 |
142 | | Session | Topic |
143 | | :-----: | :------------------------------------------: |
144 | | 1 | Unit 1 - Build Standards and Compliance |
145 | | 2 | Unit 2 - Securing the network connection |
146 | | 3 | Unit 3 - User Access and system integration |
147 | | 4 | Unit 4 - Bastion hosts and airgaps |
148 | | 5 | Unit 5 - Updating systems and patch cycles |
149 | | 6 | Unit 6 - Monitoring and parsing logs |
150 | | 7 | Unit 7 - Monitoring and alerting |
151 | | 8 | Unit 8 - Configuration drift and remediation |
152 | | 9 | Unit 9 - Certificate and key madness |
153 | | 10 | Unit 10 - Recap and final project |
154 |
155 | ### Suggested Learning Approach
156 |
157 | In this course, you will be studying individually and within a group of your peers,
158 | primarily in a lab environment. As you work on the course deliverables, you are
159 | encouraged to share ideas with your peers and instructor, work collaboratively on
160 | projects and team assignments, raise questions, and provide constructive feedback.
161 |
--------------------------------------------------------------------------------
/src/prolug.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
The Professional Linux Users Group (ProLUG)
5 |
6 |
7 |
8 | ## In the Beginning
9 |
10 | ---
11 |
12 | Founded approximately 15 years ago, the Professional Linux User Group (ProLUG) began as a vision of Het Tanis, known by his community alias 'Scott Champine.' Het identified the need for an informal yet structured space where Linux professionals could share knowledge, collaborate, and grow together. What started as local in-person meetups quickly gained traction, thanks to the increasing demand for open-source collaboration and the widespread adoption of Linux in both enterprises and personal projects.
13 |
14 | ## Why ProLUG Started
15 |
16 | ---
17 |
18 | ProLUG was born out of the recognition that Linux professionals often face challenges that are best solved through peer collaboration and hands-on experience. The community’s founding principles were rooted in creating an environment where newcomers could learn from experienced professionals, and seasoned users could gain exposure to advanced topics and emerging technologies. Its core mission was simple yet impactful: to provide continuous growth opportunities in Linux system administration, automation, and cloud technologies.
19 |
20 | Some of the key motivations behind ProLUG's formation include:
21 |
22 | - **Peer Support:** Helping members solve technical challenges through discussion and advice from experts.
23 | - **Knowledge Sharing:** Encouraging open sharing of tips, tricks, configurations, and scripts related to Linux and open-source tools.
24 | - **Hands-on Learning:** Providing access to practical labs, exercises, and real-world scenarios for hands-on training.
25 | - **Community Mentorship:** Offering a space for members to mentor and be mentored by others in different stages of their careers.
26 | - **Certification Prep:** Assisting members in preparing for recognized industry certifications.
27 |
28 | ## The Expansion into an Online Community
29 |
30 | ---
31 |
32 | While initially focused on local in-person meetings, ProLUG embraced online platforms to extend its reach globally. The switch to a virtual model enabled:
33 |
34 | - **Global Networking:** Professionals and enthusiasts from around the world could now connect, learn, and collaborate without geographical limitations.
35 | - **24/7 Discussion:** Via platforms like Discord, members could share insights, discuss Linux problems, and exchange ideas anytime, anywhere.
36 | - **Greater Diversity:** The online expansion diversified the member base, incorporating individuals from various industries and technical backgrounds, creating a rich environment for problem-solving.
37 |
38 | ## Interactive Labs and Training Programs
39 |
40 | ---
41 |
42 | One of ProLUG’s most successful expansions has been its focus on interactive, hands-on labs. To bridge the gap between theory and practice, Het Tanis launched a series of labs on platforms like Killercoda, covering a variety of topics including:
43 |
44 | - **Linux Essentials and System Administration**
45 | - **Ansible Automation**
46 | - **Kubernetes and Container Orchestration**
47 | - **Security and Network Hardening**
48 |
49 | With over 50 interactive labs available and more being continuously developed, members benefit from practical scenarios that simulate real-world challenges. The labs cater to beginners, intermediates, and experts, ensuring everyone has something to gain.
50 |
51 | ## Certification and Career Development
52 |
53 | ---
54 |
55 | In 2024, ProLUG launched its first structured certification course: **Enterprise Linux Administration**. This program was designed to provide a comprehensive curriculum covering topics such as:
56 |
57 | - Advanced Linux system configuration
58 | - Enterprise networking and services
59 | - Security management
60 | - Scripting and automation
61 |
62 | The first cohort of graduates successfully completed the program in January 2025, marking a major milestone in ProLUG’s commitment to professional development. Many graduates have reported success stories, such as landing new jobs, securing promotions, or gaining confidence in their Linux expertise.
63 |
64 | ## What is a User Group?
65 |
66 | ---
67 |
68 | A **user group** is a community of individuals who come together to share common interests, typically in a specific area of technology, such as Linux. These groups can be local or online and serve as platforms for:
69 |
70 | - **Collaboration:** Members work together to troubleshoot, build projects, and share experiences.
71 | - **Networking:** Opportunities to connect with professionals, mentors, and employers within the field.
72 | - **Learning:** Workshops, presentations, and discussions that cover new and emerging technologies.
73 | - **Career Growth:** Access to resources, training programs, and job opportunities.
74 |
75 | ProLUG is a prime example of how a user group can grow beyond its initial purpose, evolving into a vibrant global community with practical learning opportunities and real-world outcomes.
76 |
77 | ## Success Stories
78 |
79 | ---
80 |
81 | Being part of ProLUG has proven highly beneficial for many members, with success stories ranging from career advancements to personal growth:
82 |
83 | - **Job Opportunities:** Members have found jobs in system administration, DevOps, and cloud engineering roles through networking within ProLUG.
84 | - **Certifications:** Many members have successfully obtained Linux-related certifications, including RHCSA, RHCE, and LFCS, using ProLUG’s resources and mentorship programs.
85 | - **Skill Development:** Through interactive labs and group discussions, members have honed skills in automation (Ansible), scripting (Bash, Python), containerization (Docker, Kubernetes), and more.
86 | - **Mentorship Relationships:** Senior professionals have mentored newcomers, creating a cycle of continuous learning and knowledge sharing.
87 |
88 | ## Current Milestones
89 |
90 | ---
91 |
92 | - **3,000+ Members:** ProLUG’s global community continues to grow rapidly, attracting Linux enthusiasts and professionals from various backgrounds.
93 | - **50+ Interactive Labs:** Covering diverse topics, from basic Linux administration to advanced enterprise systems management.
94 | - **Ongoing Training Programs:** Continuous updates to certification preparation courses, interactive workshops, and guided lab exercises.
95 |
96 | ProLUG’s commitment to fostering a collaborative environment has made it a go-to community for anyone interested in Linux. Whether you're a beginner looking to learn the basics or an experienced professional aiming to advance your career, ProLUG offers a pathway to success.
97 |
--------------------------------------------------------------------------------
/theme/css/general.css:
--------------------------------------------------------------------------------
1 | /* Base styles and content styles */
2 |
3 | :root {
4 | /* Browser default font-size is 16px, this way 1 rem = 10px */
5 | font-size: 62.5%;
6 | color-scheme: var(--color-scheme);
7 | }
8 |
9 | html {
10 | font-family: "Open Sans", sans-serif;
11 | color: var(--fg);
12 | background-color: var(--bg);
13 | text-size-adjust: none;
14 | -webkit-text-size-adjust: none;
15 | }
16 |
17 | body {
18 | margin: 0;
19 | font-size: 1.6rem;
20 | overflow-x: hidden;
21 | }
22 |
23 | code {
24 | font-family: var(--mono-font) !important;
25 | font-size: var(--code-font-size);
26 | direction: ltr !important;
27 | }
28 |
29 | /* make long words/inline code not x overflow */
30 | main {
31 | overflow-wrap: break-word;
32 | }
33 |
34 | /* make wide tables scroll if they overflow */
35 | .table-wrapper {
36 | overflow-x: auto;
37 | }
38 |
39 | /* Don't change font size in headers. */
40 | h1 code,
41 | h2 code,
42 | h3 code,
43 | h4 code,
44 | h5 code,
45 | h6 code {
46 | font-size: unset;
47 | }
48 |
49 | .left {
50 | float: left;
51 | }
52 | .right {
53 | float: right;
54 | }
55 | .boring {
56 | opacity: 0.6;
57 | }
58 | .hide-boring .boring {
59 | display: none;
60 | }
61 | .hidden {
62 | display: none !important;
63 | }
64 |
65 | h2,
66 | h3 {
67 | margin-block-start: 2.5em;
68 | }
69 | h4,
70 | h5 {
71 | margin-block-start: 2em;
72 | }
73 |
74 | .header + .header h3,
75 | .header + .header h4,
76 | .header + .header h5 {
77 | margin-block-start: 1em;
78 | }
79 |
80 | h1:target::before,
81 | h2:target::before,
82 | h3:target::before,
83 | h4:target::before,
84 | h5:target::before,
85 | h6:target::before {
86 | display: inline-block;
87 | content: "»";
88 | margin-inline-start: -30px;
89 | width: 30px;
90 | }
91 |
92 | /* This is broken on Safari as of version 14, but is fixed
93 | in Safari Technology Preview 117 which I think will be Safari 14.2.
94 | https://bugs.webkit.org/show_bug.cgi?id=218076
95 | */
96 | :target {
97 | /* Safari does not support logical properties */
98 | scroll-margin-top: calc(var(--menu-bar-height) + 0.5em);
99 | }
100 |
101 | .page {
102 | outline: 0;
103 | padding: 0 var(--page-padding);
104 | margin-block-start: calc(
105 | 0px - var(--menu-bar-height)
106 | ); /* Compensate for the #menu-bar-hover-placeholder */
107 | }
108 | .page-wrapper {
109 | box-sizing: border-box;
110 | background-color: var(--bg);
111 | }
112 | .no-js .page-wrapper,
113 | .js:not(.sidebar-resizing) .page-wrapper {
114 | transition: margin-left 0.3s ease, transform 0.3s ease; /* Animation: slide away */
115 | }
116 | [dir="rtl"] .js:not(.sidebar-resizing) .page-wrapper {
117 | transition: margin-right 0.3s ease, transform 0.3s ease; /* Animation: slide away */
118 | }
119 |
120 | .content {
121 | overflow-y: auto;
122 | padding: 0 5px 50px 5px;
123 | }
124 | .content main {
125 | margin-inline-start: auto;
126 | margin-inline-end: auto;
127 | max-width: var(--content-max-width);
128 | }
129 | .content p {
130 | line-height: 1.45em;
131 | }
132 | .content ol {
133 | line-height: 1.45em;
134 | }
135 | .content ul {
136 | line-height: 1.45em;
137 | }
138 | .content a {
139 | text-decoration: none;
140 | }
141 | .content a:hover {
142 | text-decoration: underline;
143 | }
144 | .content img,
145 | .content video {
146 | max-width: 100%;
147 | }
148 | .content .header:link,
149 | .content .header:visited {
150 | color: var(--fg);
151 | }
152 | .content .header:link,
153 | .content .header:visited:hover {
154 | text-decoration: none;
155 | }
156 |
157 | table {
158 | margin: 0 auto;
159 | border-collapse: collapse;
160 | }
161 | table td {
162 | padding: 3px 20px;
163 | border: 1px var(--table-border-color) solid;
164 | }
165 | table thead {
166 | background: var(--table-header-bg);
167 | }
168 | table thead td {
169 | font-weight: 700;
170 | border: none;
171 | }
172 | table thead th {
173 | padding: 3px 20px;
174 | }
175 | table thead tr {
176 | border: 1px var(--table-header-bg) solid;
177 | }
178 | /* Alternate background colors for rows */
179 | table tbody tr:nth-child(2n) {
180 | background: var(--table-alternate-bg);
181 | }
182 |
183 | blockquote {
184 | margin: 20px 0;
185 | padding: 0 20px;
186 | color: var(--fg);
187 | background-color: var(--quote-bg);
188 | border-block-start: 0.1em solid var(--quote-border);
189 | border-block-end: 0.1em solid var(--quote-border);
190 | }
191 |
192 | .warning {
193 | margin: 20px;
194 | padding: 0 20px;
195 | border-inline-start: 2px solid var(--warning-border);
196 | }
197 |
198 | .warning:before {
199 | position: absolute;
200 | width: 3rem;
201 | height: 3rem;
202 | margin-inline-start: calc(-1.5rem - 21px);
203 | content: "ⓘ";
204 | text-align: center;
205 | background-color: var(--bg);
206 | color: var(--warning-border);
207 | font-weight: bold;
208 | font-size: 2rem;
209 | }
210 |
211 | blockquote .warning:before {
212 | background-color: var(--quote-bg);
213 | }
214 |
215 | kbd {
216 | background-color: var(--table-border-color);
217 | border-radius: 4px;
218 | border: solid 1px var(--theme-popup-border);
219 | box-shadow: inset 0 -1px 0 var(--theme-hover);
220 | display: inline-block;
221 | font-size: var(--code-font-size);
222 | font-family: var(--mono-font);
223 | line-height: 10px;
224 | padding: 4px 5px;
225 | vertical-align: middle;
226 | }
227 |
228 | sup {
229 | /* Set the line-height for superscript and footnote references so that there
230 | isn't an awkward space appearing above lines that contain the footnote.
231 |
232 | See https://github.com/rust-lang/mdBook/pull/2443#discussion_r1813773583
233 | for an explanation.
234 | */
235 | line-height: 0;
236 | }
237 |
238 | :not(.footnote-definition) + .footnote-definition {
239 | margin-block-start: 2em;
240 | }
241 | .footnote-definition:not(:has(+ .footnote-definition)) {
242 | margin-block-end: 2em;
243 | }
244 | .footnote-definition {
245 | font-size: 0.9em;
246 | margin: 0.5em 0;
247 | }
248 | .footnote-definition p {
249 | display: inline;
250 | }
251 |
252 | .tooltiptext {
253 | position: absolute;
254 | visibility: hidden;
255 | color: #fff;
256 | background-color: #333;
257 | transform: translateX(
258 | -50%
259 | ); /* Center by moving tooltip 50% of its width left */
260 | left: -8px; /* Half of the width of the icon */
261 | top: -35px;
262 | font-size: 0.8em;
263 | text-align: center;
264 | border-radius: 6px;
265 | padding: 5px 8px;
266 | margin: 5px;
267 | z-index: 1000;
268 | }
269 | .tooltipped .tooltiptext {
270 | visibility: visible;
271 | }
272 |
273 | .chapter li.part-title {
274 | color: var(--sidebar-fg);
275 | margin: 5px 0px;
276 | font-weight: bold;
277 | }
278 |
279 | .result-no-output {
280 | font-style: italic;
281 | }
282 |
283 | .flex-container {
284 | display: flex;
285 | align-items: center;
286 | gap: 20px;
287 | }
288 |
--------------------------------------------------------------------------------
/src/u6lab.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Unit 6 Lab - Monitoring and Parsing Logs
5 |
6 |
7 |
8 | > If you are unable to finish the lab in the ProLUG lab environment we ask you `reboot`
9 | > the machine from the command line so that other students will have the intended environment.
10 |
11 | ### Required Materials
12 |
13 | Putty or other connection tool Lab Server
14 |
15 | Root or sudo command access
16 |
17 | STIG Viewer 2.18 (download from )
18 |
19 | #### Downloads
20 |
21 | The lab has been provided below. The document(s) can be transposed to
22 | the desired format so long as the content is preserved. For example, the `.txt`
23 | could be transposed to a `.md` file.
24 |
25 | - 📥 u6_lab(`.txt`)
26 | - 📥 u6_lab(`.pdf`)
27 |
28 | ## Lab 🧪
29 |
30 | In keeping with the lab for this week, there are 4 major architectures for collecting and storing logs.
31 | Within each architecture exist many variations on the archetype, shaped by the scale, reliability,
32 | real-time analysis needs, budget, expertise, compliance requirements, and existing infrastructure
33 | of the systems being logged.
34 |
35 | This lab will touch 3 of the 4 types of architectures, so that the learner
36 | understands the deployment and capabilities. The 4th, cloud, architecture type will be optionally completed
37 | by the learner for their cloud deployment of choice. The learner can then reflect on the tradeoff of why one
38 | or another of these tools may be the right choice in their organization or not.
39 |
40 | ### Rsyslog forwarding and collection
41 |
42 | 1. Consider this architecture, where all modern Linux systems have built-in rsyslog capabilities. One of them can
43 | be set to "catch" (aggregate) all logs, and any number of servers can then send their logs to it.
44 |
45 |
46 |
47 | 2. Complete the lab:
48 |
49 | - Why do we split out the logs in this lab? Why don't we just aggregate them into one place?
50 |
51 | - What do we split them out by?
52 | - How does that template configuration work?
53 |
54 | - Are we securing this communication in any way, or do we still need to configure that?
55 |
56 | 3. We will revisit this lab in Unit 10, with security involved via certificates, so make sure you are comfortable
57 | with the base components you are configuring.
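
As an added example (not one of the lab's files), the script below stages the two sides of this architecture as rsyslog fragments. The collector uses a `template()` with `dynaFile`, so every message is written under `/var/log/remote/<host>/<program>.log`; that directory layout is what the lab splits the logs by. The client forwards with `omfwd`. The script also writes the TLS variant of the client and includes a check that flags forwarders still sending in clear text, because the plain TCP setup from the lab neither encrypts nor authenticates anything on the wire. `collector.example.lab`, the ports, the `/etc/pki/rsyslog` paths and the `RSYSLOG_D` staging directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the lab's own files): stage rsyslog fragments for the
# collector and a forwarding client, then check which clients still forward
# in clear text. Hostnames, ports and certificate paths are assumptions.
set -eu

RSYSLOG_D="${RSYSLOG_D:-./rsyslog-stage}"     # copy into /etc/rsyslog.d after review
COLLECTOR="${COLLECTOR:-collector.example.lab}"

write_rsyslog_fragments() {
    mkdir -p "$RSYSLOG_D"

    # Collector: listen on TCP/514 and split incoming messages per sending host
    # and program. dynaFile expands the template for every message, so the
    # directory tree is the "split".
    cat > "$RSYSLOG_D/50-collector.conf" <<'EOF'
module(load="imtcp")
input(type="imtcp" port="514")

template(name="RemoteLogs" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

# Anything not from this box goes to the per-host tree and is not duplicated
# into the collector's own /var/log/messages.
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="RemoteLogs" dirCreateMode="0750" fileCreateMode="0640")
    stop
}
EOF

    # Client as built in the lab: plain TCP. Nothing is encrypted or
    # authenticated, so anyone on the path can read or inject log lines.
    cat > "$RSYSLOG_D/50-forward-plain.conf" <<EOF
*.* action(type="omfwd" target="$COLLECTOR" port="514" protocol="tcp")
EOF

    # Client with TLS (what Unit 10 adds): the collector is authenticated by the
    # name in its certificate and the client presents its own certificate.
    # Needs the rsyslog-gnutls package and a matching imtcp gtls input on 6514.
    cat > "$RSYSLOG_D/50-forward-tls.conf" <<EOF
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/pki/rsyslog/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/pki/rsyslog/client-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/pki/rsyslog/client-key.pem"
)
*.* action(type="omfwd" target="$COLLECTOR" port="6514" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="$COLLECTOR"
           queue.type="LinkedList" queue.filename="fwd_$COLLECTOR"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# has_plaintext_forwarding FILE -> exit 0 when FILE forwards logs without a TLS
# netstream driver (legacy "*.* @host"/"@@host" lines or omfwd actions count).
has_plaintext_forwarding() {
    local f="$1"
    if grep -Eq '^[[:space:]]*[^#[:space:]]+[[:space:]]+@' "$f" || grep -q 'type="omfwd"' "$f"; then
        if grep -Eqi 'StreamDriver="(gtls|ossl)"|DefaultNetstreamDriver[[:space:]"=]+(gtls|ossl)' "$f"; then
            return 1    # forwarding, but over TLS
        fi
        return 0        # forwarding in clear text
    fi
    return 1            # no forwarding configured at all
}

# check_syntax FILE -> run rsyslogd's config parser on a fragment where rsyslogd exists
check_syntax() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$1"
    else
        echo "rsyslogd not installed here; run: rsyslogd -N1 -f $1 on the target" >&2
    fi
}

if [ "${1:-}" = "write" ]; then
    write_rsyslog_fragments
    for f in "$RSYSLOG_D"/50-forward-*.conf; do
        if has_plaintext_forwarding "$f"; then echo "PLAINTEXT: $f"; else echo "tls: $f"; fi
    done
fi
```

`RSYSLOG_D=/tmp/stage COLLECTOR=<collector host> bash rsyslog-stage.sh write` stages the files; review them, copy the ones you need into `/etc/rsyslog.d/`, run `rsyslogd -N1` and restart rsyslog. Running `has_plaintext_forwarding` over `/etc/rsyslog.d/*.conf` on each client is a quick way to answer the lab's last question for a whole fleet. The TLS client needs the matching collector side, an `imtcp` input on 6514 with the `StreamDriver.*` module parameters, which Unit 10 covers.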
58 |
59 | ### Agents forward to a centralized platform
60 |
61 | 1. Review the base architecture here:
62 |
63 | 2. Complete the lab here:
64 |
65 | - Does the lab work correctly, and do you understand the data flow?
66 |
67 | - While still in the lab
68 |
69 | - `cd /answers`
70 |
71 | - `python3 loki-write.py  # do this a few times`
72 |
73 | - Refresh your Grafana and change the app to lab_logging
74 |
75 | - Can you see it in your Grafana?
76 |
77 |
78 |
79 | - Can you modify the file loki-write.py to say something related to your name?
80 |
81 | - Run this bash snippet and see if you can see your loki-writes
82 |
83 | ```bash
84 | curl -G -s "http://localhost:3100/loki/api/v1/query_range" \
85 | --data-urlencode 'query=sum(rate({job="lab_logging"}[10m])) by (level)' \
86 | --data-urlencode 'step=300' | jq
87 | ```
88 |
89 | - Can you modify that to see the actual entries?
90 |
91 | 3. We will revisit this lab in Unit 10, with security involved via certificates, so make sure you are
92 | comfortable with the base components you are configuring.
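
Following on from the last question above, here is an added example (not part of the lab) that fetches the raw entries behind the `rate()` graph and flattens Loki's `streams` response with `jq` into one line per entry. `LOKI_URL` defaults to the lab's `localhost:3100`, and the `job="lab_logging"` label is the one the lab uses; the sample response embedded in the script is constructed. One caveat worth noticing while you run this: Loki has no authentication of its own, so a port 3100 reachable from the network lets anyone run these queries and push log lines. Beyond the lab, front it with an authenticating reverse proxy and do not expose 3100 directly.

```bash
#!/usr/bin/env bash
# Added example (not part of the lab files): pull the raw log lines behind the
# rate() graph and flatten Loki's stream/values response into one line per entry.
# LOKI_URL and the "lab_logging" job label are assumptions taken from the lab.
set -e

LOKI_URL="${LOKI_URL:-http://localhost:3100}"

# loki_entries SELECTOR [MINUTES] -> raw entries for a LogQL stream selector over
# the last MINUTES minutes (default 10). Loki takes nanosecond timestamps.
loki_entries() {
    local query="$1" minutes="${2:-10}" now start
    now=$(date +%s)
    start=$((now - minutes * 60))
    curl -G -s "$LOKI_URL/loki/api/v1/query_range" \
        --data-urlencode "query=$query" \
        --data-urlencode "start=${start}000000000" \
        --data-urlencode "end=${now}000000000" \
        --data-urlencode "limit=100" \
        --data-urlencode "direction=forward"
}

# flatten_entries reads a query_range "streams" response on stdin and prints
# "<RFC3339 time> <job> <level> <line>" per entry, oldest first. Each result is
# one stream (a label set) with a list of [ns-timestamp, line] pairs.
flatten_entries() {
    jq -r '
      .data.result[]
      | .stream as $s
      | .values[]
      | ((.[0] | tonumber / 1e9 | floor | todate) + " "
         + ($s.job // "-") + " " + ($s.level // "-") + " " + .[1])' \
    | sort
}

# count_entries reads the same response and prints the number of log lines.
count_entries() {
    jq '[.data.result[].values[]] | length'
}

# Constructed sample response (not captured from the lab) so the parsing can
# be tried without a running Loki.
sample_response() {
    cat <<'EOF'
{"status":"success","data":{"resultType":"streams","result":[
 {"stream":{"job":"lab_logging","level":"info"},
  "values":[["1700000000000000000","hello from alice"],["1700000005000000000","second line"]]},
 {"stream":{"job":"lab_logging","level":"error"},
  "values":[["1700000002000000000","disk full"]]}]}}
EOF
}

if [ "${1:-}" = "demo" ]; then
    sample_response | flatten_entries
fi
```

Against the lab box, `loki_entries '{job="lab_logging"}' 30 | flatten_entries` prints the last 30 minutes of entries, so after editing `loki-write.py` you can confirm your own lines arrived; `bash loki-query.sh demo` runs the same parsing on the embedded sample. `curl` and `jq` are required.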
93 |
94 | ### Message Queues (Event Bus) for log aggregation and propagation
95 |
96 | 1. Apache Kafka is not the only message queue, but it is extremely popular (used by 80% of Fortune 100
97 | companies, that is, 80 of them). Read about the use cases here:
98 |
99 | 2. Review our diagram here. Maybe we're testing Kafka and want to integrate it into the existing infrastructure.
100 | Maybe we have a remote location where we need to reliably catch logs in real time and then ship them off-site. There are many reasons to use this.
101 |
102 |
103 |
104 | 3. Complete the killercoda lab found here:
105 |
106 | - Did you get it all to work?
107 |
108 | - Does the flow make sense in the context of this diagram?
109 |
110 | - Can you find any configurations or blogs that describe why you might want to use this architecture or
111 | how it has been used in the industry?
112 |
113 | ### (OPTIONAL) Cloud-Native Logging services
114 |
115 | 1. OPTIONAL: Setup VPC flow logs in your AWS environment:
116 |
117 | 2. OPTIONAL: Even if not completing these labs, why might it be useful to understand the fields of a VPC flow log even if you're not setting up logging in AWS environments (but your organization does use AWS)? https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html
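
One reason to know the fields even without an AWS login: the flow log record is what you get handed when an AWS team asks whether a host was reached, or when their records are forwarded into the same collector you run for the Linux fleet. The script below is an added example, not from the lab or the AWS documentation. It parses default-format records with `awk` and reports which sources completed accepted SSH flows and which sources were rejected repeatedly. The field order is the default (version 2) record format; the records embedded in the script are constructed, not real traffic.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS docs or the lab): parse default-format VPC flow
# log records offline and pull out what an admin on the Linux side would want to
# know. The sample records below are constructed.
set -e

# Default format, space separated, in this order:
#   1 version  2 account-id  3 interface-id  4 srcaddr  5 dstaddr  6 srcport
#   7 dstport  8 protocol (IANA number: 6 TCP, 17 UDP, 1 ICMP)  9 packets
#  10 bytes  11 start  12 end  13 action (ACCEPT/REJECT)  14 log-status
# NODATA and SKIPDATA rows carry "-" in the traffic fields and are skipped.

# flow_report [FILE...] -> per (dstport, action) totals, accepted SSH sources,
# and sources with three or more rejected flows (a cheap port-scan signal).
flow_report() {
    awk '
    $14 != "OK" { skipped++; next }
    {
        key = $7 " " $13
        conns[key]++; bytes[key] += $10
        if ($7 == 22 && $8 == 6 && $13 == "ACCEPT") ssh[$4]++
        if ($13 == "REJECT") rejects[$4]++
    }
    END {
        for (k in conns)   printf "port/action %-14s flows=%d bytes=%d\n", k, conns[k], bytes[k]
        for (s in ssh)     printf "ssh-accept src=%s flows=%d\n", s, ssh[s]
        for (s in rejects) if (rejects[s] >= 3) printf "rejected-scan src=%s flows=%d\n", s, rejects[s]
        if (skipped)       printf "skipped=%d\n", skipped
    }' "$@"
}

# ssh_accept_sources [FILE...] -> sorted unique sources of accepted TCP/22 flows
ssh_accept_sources() {
    awk '$14 == "OK" && $7 == 22 && $8 == 6 && $13 == "ACCEPT" { print $4 }' "$@" | sort -u
}

# reject_count SRC [FILE...] -> number of REJECT records from SRC
reject_count() {
    local src="$1"; shift
    awk -v src="$src" '$14 == "OK" && $4 == src && $13 == "REJECT" { n++ } END { print n + 0 }' "$@"
}

# Constructed sample: one accepted SSH session from outside, one from inside,
# a three-port probe that was rejected, and a NODATA row.
sample_flows() {
    cat <<'EOF'
2 123456789010 eni-0a1b2c3d 203.0.113.12 10.0.1.5 51515 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 123456789010 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789010 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40002 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789010 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40003 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789010 eni-0a1b2c3d 10.0.1.9 10.0.1.5 55000 22 6 30 6000 1700000000 1700000060 ACCEPT OK
2 123456789010 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
EOF
}

if [ "${1:-}" = "demo" ]; then
    sample_flows | flow_report
fi
```

`bash flows.sh demo` runs the report on the embedded sample; with real exports, `flow_report /path/to/records.log` or `ssh_accept_sources < records.log` work the same way. If your account uses a custom flow log format, the field positions change and the `$N` references must be adjusted to match.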
118 |
119 | ## Digging Deeper challenge (not required for finishing lab)
120 |
121 | 1. For Architecture 3, using message queues. This is an excellent write-up of how disparate systems can be connected with a message queue or event bus to enhance metrics pipelining.
122 |
123 | - They're handling metric data rather than logs, but can you see how they solved their latency
124 | and connectivity problems on pages 14 and 15?
125 |
126 | 2. Review some of the anti-patterns for cloud, but really any logging patterns.
127 |
128 | - How do these relate to your current understanding of logging?
129 |
130 | - Do they show anything that you need to think about in the future of how you look at enterprise logging?
131 |
132 | 3. Go to
133 |
134 | - Which of these have you used and which have you not used?
135 |
136 | - How do many of these plug into existing observability patterns (logging)?
137 |
138 | - What is Fluentd trying to solve? How does it work?
139 |
140 | > Be sure to `reboot` the lab machine from the command line when you are done.
141 |
--------------------------------------------------------------------------------