SEC406: Linux Security for InfoSec Professionals (Beta)

    30 CPEs

    In today's fast-paced threat landscape, proficiency in Linux is not optional - it's essential. Hackers know how to use Linux, and a single unsecured Linux box could be all it takes for your organization to fall victim to a devastating cyberattack. Whether you work in defense, offense, incident response, mobile, or ICS, this course will equip you with the fundamental proficiency, knowledge, and tools needed to stay ahead of the game, through practical, hands-on training.

    Course Authors:
    Mark Baggett, Senior Instructor
    Charles Goldner, Certified Instructor

    What You Will Learn

    Most new Information Security Professionals are more familiar with Windows than Linux, yet many of the critical tools used in today's offensive, defensive, ICS, and forensics positions require a strong understanding of Linux. This presents a serious challenge for those without the requisite experience because these systems are frequently utilized in highly exposed environments such as DMZs and the cloud. The irony is that now our information security platforms are creating new security risks. This Linux security course solves the problem by offering numerous hands-on exercises allowing students to quickly develop the Linux skills necessary to become a valuable asset to any Information Security team.

    This Linux security training focuses on the fundamental aspects of Linux Administration, covering topics such as configuring a secure Linux system, working with the command line, and managing users and permissions. It also emphasizes the security aspects of these skills, teaching students how to secure their Linux systems and defend against potential attacks. You will learn how a misconfiguration introduces a vulnerability, how to attack that vulnerability and how to mitigate those risks. Upon completing the course, students will have the knowledge and skills required to secure Linux systems, identify potential security threats, and implement appropriate measures to prevent them. With our course, you can gain the experience necessary to become a skilled and confident Linux user, ensuring that you are an asset rather than a liability to your employer.

    Who Should Attend

    This Linux security class is suitable for a wide range of professionals who work with Linux systems and want to learn about securing them. Whether you are a system administrator, DevOps professional, security professional, network defender, blue team or red team member, ICS engineer, incident responder, or cloud architect, this class will provide you with the knowledge and skills you need to secure your Linux-based infrastructure. By attending this class, you will learn about Linux security concepts, best practices, and tools, and how to implement them in your organization.

    You Will Be Able To

    In this course, you will gain essential skills that will transform the way you work with a Linux-based operating system. Starting in section one, you will navigate around your computer with ease using the terminal and master advanced file management techniques to boost productivity. By section two, you will understand how to customize your environment and locate programs. We will also cover everything you need to know about user accounts and groups. In section three, we will discuss file and system access controls and techniques to maintain robust system security. In section four, you'll discover how to manage your computer's resources and monitor its performance, whether you're working with a server or cloud-based systems. Finally, in section five, you'll unlock the power of package management, remote server management via SSH, networking, and other impressive tips and tricks. With our course, you will gain the confidence and proficiency to achieve more with your computer than you ever thought possible!

    Syllabus (30 CPEs)

    • Overview

      In this gentle orientation to Linux you will be introduced to the operating system, kernel, and the terminal. Here we begin by discussing essential skills such as using a terminal to navigate and identify programs. You will learn how to find and execute Linux programs and how to refine the results returned using appropriate options and parameters found in the manual pages. We will cover how to find help when you don’t know how to use a command. We will teach you how history and command completion can level up your terminal skills and speed up your commands. Managing files within Linux is unique, and we will cover various tips and tricks to make you an expert at this complicated subject. You will learn how and where files exist in the filesystem. This section concludes with a discussion of the Visual Editor, a crucial skill for the security and administration of any Linux system. By the end of this section, you will know how to use the terminal effectively, including understanding basic commands, file system navigation, and program execution. These skills will enable you to locate and launch programs, refine search results, and leverage manual pages.

      Exercises
      • lab1.1_intro_to_shell
      • lab1.2_linux_commands
      • lab1.3_tab_complete
      • lab1.4_history
      • lab1.5_navigating
      • lab1.6_file_management
      • lab1.7_file_management2
      • lab1.8_vi
      Topics
      • Kernel, Operating System, and Distributions
      • Terminals
      • Manual pages
      • Command History
      • Navigation
      • File Management
      • Visual Editor
    • Overview

      Digging into the terminal commands straight away is the best way to build muscle memory. This section builds off the terminal skills of section one. You will learn how to search for files within the filesystem and the various ways that grep can be used to search for information within files. Operating system functions and user experience are highly configurable, and we will learn how to modify our environment using variables and aliases and how that can be abused by a malicious actor. Every system contains some type of authentication mechanism for accounts and groups. We will explore how to manage accounts, discover and change the groups those accounts belong to, and how to switch between accounts. We will also cover how to manage file ownership. You will gain advanced file management techniques, including creating, copying, moving, and deleting files and directories, as well as using filters and pipes.

      Exercises
      • lab2.1_finding_files
      • lab2.2_grep
      • lab2.3_environment_variables
      • lab2.4_aliases
      • lab2.5_redirection_piping
      • lab2.6_user_mgmt
      • lab2.7_group_mgmt
      • lab2.8_file_ownership
      Topics
      • Searching the Filesystem
      • Various Forms of Grep
      • Environment Variables and Aliases
      • Account Management
      • Switching users
      • Group management
      • File Ownership
    • Overview

      Section three covers essential user access control concepts, including restricting administrative privileges, permissions, and security. Users interact with the filesystem in various ways with different levels of access. If you come to this class with a networking background, you know this as Authentication, Authorization, and Accounting. If you come into the class with a Windows background, you probably think of this as managing users and groups. We will translate those skills into the Linux world.

      We will learn how to ensure accounts have least-privilege access. Least privilege can be implemented in multiple ways, and we will cover how to do that with file-level permissions and ownership. You will learn how to secure and appropriately leverage administrative credentials and closely guard them with Least Required Privilege. You will also learn about tools that audit your system to verify that the intended settings are actually applied.

      Exercises
      • lab3.1_file_permissions
      • lab3.2_file_permissions2
      • lab3.3_special_permissions
      • lab3.4_special_permissions2
      • lab3.5_special_permissions3
      • lab3.6_permission_practical
      • lab3.7_sudoers_config
      • lab3.8_sudoers_config2
      • lab3.9_system_hardening
      Topics
      • File permissions
      • Special permissions
      • Sudoers
      • SELinux and AppArmor
    • Overview

      Resource management and system monitoring skills, such as understanding processes, system load, and memory usage, are fundamental to working with servers and cloud-based systems. As you move resources to the cloud and establish micro-services in containers, knowing how to limit the resources consumed is a good security practice and can prevent you from incurring unanticipated costs. Managing system resources is how we maintain the availability of our servers and avoid losing time and money. Since everything in Linux is essentially a file, we can examine the file information of running processes and learn how to manage the processes running on our distributions. In addition, we will look at what a core dump is and how it can be abused.

      You will also learn several essential skills that enable your incident response process and continuous monitoring. Those essential skills include scheduling tasks on Linux, keeping a historical record of user activity, centralized logging, log rotation, and how to effectively manage and review those logs.

      Exercises
      • lab4.1_managing_processes
      • lab4.2_jobs_control
      • lab4.3_jobs_control2
      • lab4.4_managing_crontab
      • lab4.5_managing_services
      • lab4.6_managing_logrotate
      • lab4.7_managing_syslog
      Topics
      • Resource limits
      • Process management and Scheduling
      • Services, Systemd, and init
      • Logging and Log Rotation
      • Auditd
    • Overview

      Section five provides you with the opportunity to delve into package management, remote server management via SSH, networking, and other advanced tips and tricks. As with any operating system, we must keep our distributions up to date, and we may need a new tool installed to accomplish a task. Often this is done through a package manager. You will learn how to leverage Python virtual environments, configure and manage the built-in package manager, and compile packages after a code review. You will learn about encryption of data (at rest and in transit) and how it provides the necessary confidentiality from prying eyes. We will cover how to properly leverage SSH, SCP, and OpenSSL to secure communications. Linux is the basis for most of the networking gear out there; you can even use it as a router and firewall if you wish. We will cover how to manage networking settings and the host-based firewall.

      Exercises
      • lab5.1_managing_python
      • lab5.2_installing_with_apt
      • lab5.3_installing_from_source
      • lab5.4_ssh-keys
      • lab5.5_ssh-config
      • lab5.6_ssh-agent
      • lab5.7_ssh-forwarding
      • lab5.8_firewalls
      Topics
      • Python package management
      • Installing and Running Open Source Software
      • Linux package management
      • SSH, Tunneling, and Post-Quantum Cryptography
      • Networking and Firewalls

    Laptop Requirements

    Important! Bring your own system configured according to these instructions.

    A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

    Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

    MANDATORY SEC406 SYSTEM HARDWARE REQUIREMENTS

    • CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. An x64, 2.0+ GHz or faster processor is mandatory for this class.
    • CRITICAL: Apple systems using the M1/M2 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.
    • BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
    • 8GB of RAM or more is required.
    • 15GB of free storage space or more is required.
    • At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
    • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

    MANDATORY SEC406 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS

    • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
    • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
    • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
    • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
    • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
    • Any filtering of egress traffic may prevent you from accomplishing the labs in your course. Firewalls should be disabled, or you must have the administrative privileges to disable them.
    • Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMware Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.
    • On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
    • Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

    Your course media is delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files.

    Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

    Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

    If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org

    Author Statement

    "Linux is an essential component of today's technology ecosystem, powering critical infrastructure across the spectrum. If you want to enhance your security knowledge and skills, there is no better place to start than SEC406. Our class offers a hands-on approach that will enable you to acquire the essential knowledge and skills required to effectively manage and secure a Linux system. When I look back on my own journey into the security field, I realize that taking a course on Linux Security would have been an invaluable first step. Join us and gain the expertise you need to succeed in the security industry and advance your career. Are you ready to take that first step?" – Charlie Goldner

    "I’ve been thinking about how my career could have been different if this course had been available when I first started using computers. In those days, my lack of knowledge in Linux prevented me from utilizing the full potential of open-source tools. Fast forward to today, when technology is predominantly cloud-based and reliant on Linux systems, and these essential skills have never been more important. That is why I am so excited about bringing this course to a wider audience and assisting them in unleashing the power of Linux Administration and Security." – Mark Baggett

    Who Should Attend SEC406?

    • Anyone who manages Linux servers and is responsible for ensuring the security of those systems.
    • Everyone who deploys and manages applications on Linux-based cloud solutions.
    • Security professionals who want to learn about Linux security best practices and how to implement them in their organization.
    • Technology professionals who want to gain a deeper understanding of Linux security concepts and improve their skills in securing Linux systems.
    • Anyone interested in learning about Linux security and how to protect their organization's systems and data from cyber threats.

    Related Programs

    DoDD 8140
    See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140.