Description
Red Hat Enterprise Linux 8 Security Hardening
 Red Hat Enterprise Linux 8 Security Hardening. Master the practical techniques and industry best practices required to secure Red Hat Enterprise Linux (RHEL) 8 systems — from kernel and service hardening to SELinux, auditing, and compliance configuration. This hands-on course prepares sysadmins, security engineers, and DevOps professionals to reduce attack surface, meet compliance, and maintain secure, resilient RHEL 8 environments.
Course Overview
This course provides a step-by-step, practical approach to hardening RHEL 8 servers. Students will learn how to apply secure baseline configurations, enforce mandatory access control with SELinux, implement secure network services, manage user and privilege controls, configure auditing and logging, apply kernel and boot security measures, and validate systems against common benchmarks (CIS, STIG). Real-world labs use virtual machines and command-line tools so you can immediately apply techniques in production-like environments.
Who Should Attend
- System administrators managing RHEL 8 servers
- Security engineers responsible for Linux host hardening
- DevOps and SRE professionals implementing secure infrastructure
- IT auditors and compliance teams seeking practical RHEL 8 controls
Prerequisites
Familiarity with Linux command line, basic networking, and system administration concepts. Prior experience with RHEL or CentOS is recommended but not strictly required — the labs include refresher content.
Learning Outcomes
- Apply secure baseline configurations and automated hardening.
- Configure and enforce SELinux policies and troubleshoot common SELinux denial scenarios.
- Harden SSH, systemd services, and network-facing daemons.
- Implement user lifecycle and privilege management with sudo, PAM, and proper file permissions.
- Enable auditing, centralized logging, and retention to support forensic analysis.
- Harden bootloader, kernel parameters, and enable secure boot features where applicable.
- Validate systems against CIS benchmarks and prepare systems for regulatory compliance.
Detailed Syllabus / Modules
Module 1 — Security Fundamentals & Baselines
Threat model for Linux hosts, attack surface reduction, automated baseline tooling (Ansible & OpenSCAP), and package management hardening.
Module 2 — Identity, Accounts & Privilege Management
User lifecycle, secure password policies, sudo rules, PAM configuration, and locking down service accounts.
Module 3 — SELinux Deep Dive
SELinux modes, contexts, booleans, policy types, crafting custom policies, and troubleshooting with audit2allow and ausearch.
Module 4 — Network & Service Hardening
SSH hardening, service isolation with systemd, firewall (nftables) rules, and secure configuration of common services (HTTPD, DNS, SMTP).
Module 5 — Kernel, Boot, and Storage Security
Kernel parameter tuning, secure boot concepts, LUKS disk encryption best practices, and protecting /boot.
Module 6 — Auditing, Logging, and Forensics
Auditd rules, rsyslog/journald configuration, central logging strategies, and evidence collection for incident response.
Module 7 — Compliance & Benchmarking
Applying CIS benchmarks, automated compliance scanning, remediations, and preparing evidence for auditors.
Module 8 — Capstone Lab
Complete a full hardening workflow: baseline a fresh RHEL 8 install, remediate issues, enforce SELinux, enable auditing, and pass a compliance scan.
Course Features
- Duration: ~24 hours (self-paced labs + instructor walkthroughs)
- Format: Video lessons, CLI-focused labs, downloadable playbooks and cheat sheets
- Tools provided: Ansible playbooks, OpenSCAP profiles, sample auditd rules, SELinux policy snippets
- Certificate of completion and lab evidence package
Assessment & Certification
Practical lab assessments and a final capstone where you must demonstrate a hardened RHEL 8 host that meets specified CIS controls. A downloadable certificate is issued upon successful completion.
Frequently Asked Questions
- Do I need Red Hat subscription?
- Not strictly — labs can use CentOS Stream or RHEL trial images, but some modules reference Red Hat documentation and repositories where an active subscription is beneficial.
- Will this course prepare me for RHCSA/RHCE?
- This course focuses on security hardening; it complements RHCSA/RHCE system administration topics but is not a direct replacement for certification track training.
Reviews
There are no reviews yet.