Linux - Security forum at LinuxQuestions.org
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I've been working in the cybersecurity industry for about a decade, using Linux for IDS/hardening and general security. I was wondering what courses/certs folks would recommend most for Linux security to demonstrate knowledge. I could do the Linux+ route, but I'd prefer not to have to memorize a bunch of stuff on mounting disks etc. if I want to demonstrate security knowledge. Thanks!
I would suggest learning Linux more deeply if you want to posture as a security leader. For example, creating CIS Hardened operating systems for an organization. It can be frustrating as a user to have a security team mandate hardened systems but for them not be able to carry out the hardening (for example in the cloud) skills-wise. Security should be about relationship building and partnerships which is how you get buy-in from teams shifting security left.
In terms of certifications, lately I hear a lot of good things about CISSP. Following OWASP is another valuable knowledge base in addition to knowing CIS benchmarks.
Well said; I was wondering how someone could be a cybersecurity expert and not know the basics.
It is quite possible because a lot of the intrusion and scanning tools make easy-to-consume reports from system and software scans. So a security team can scan, file tickets with teams, and not have a full grasp of what they're asking of others. This can lead to over-communication without actionable feedback, cause tensions, and create noise with false positives.
However, OP seems interested in deepening their security posture as an expert, and it is unavoidable to get deeper into the systems aspect if they want to position themselves on the technical side of security work. CISSP also has a management track, so I guess it kind of depends on OP's goal here.
True, but as you said it leads to false positives, and without having a real grasp of what they're doing, how can you be a true expert? I wouldn't consider someone who looks at a tool and a graph and files a ticket an expert, especially after a decade working in the field.
I'm fine with doing Linux+ if that's the best route. It looks increasingly like it is, since I am doing more projects with designing secure servers and hard drives.
Linux+ would be good for fundamentals and then building on that would be implementing a CIS benchmark from scratch. I could implement a benchmark for one OS in a few weeks being lazy; a lot faster with focus. That is to say, it is feasible for one experienced person to tackle in a short period of time.
https://www.cisecurity.org/cis-benchmarks are free to download. If you don’t want to give them your info you could always use google-fu and search with filetype:pdf for benchmarks.
I called out the second bullet specifically because a lot of cloud operating systems (for example amazon linux) come as non-partitioned drives with the raw storage formatted to a filesystem (typically XFS). Because of that, you need to get fancy with loop devices, bind mounts, etc. I use similar techniques for configuring file-based swap storage in the cloud.
There are application-specific benchmarks as well, such as Tomcat and Docker. For applications it kind of depends on your focus and the enterprise support you provide. I did this Tomcat benchmark in my spare time because I support and run a lot of Java apps. https://github.com/samrocketman/docker-tomcat
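The "separate partition with nodev/nosuid/noexec" items the poster refers to can be audited from /proc/mounts, and on a cloud disk with no spare partition they can be satisfied with a loop-backed image, which is the loop-device technique the post mentions. The script below is an added example written for this thread, not the poster's code and not CIS material; its requirement list is an assumption modelled on CIS-style filesystem items, and the /proc/mounts excerpt and image path are constructed:

```shell
#!/bin/sh
# Added example (not from the thread): audit whether scratch directories are
# separate mounts carrying the expected hardening options, and, as root, build
# a loop-backed mount on a disk that cannot be repartitioned.

# Constructed /proc/mounts excerpt: unpartitioned root disk, /tmp already moved
# onto a loop-backed XFS image; /var/tmp and /home still live on /.
SAMPLE_MOUNTS='/dev/nvme0n1p1 / xfs rw,relatime,attr2,inode64 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=1G 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/loop0 /tmp xfs rw,nosuid,nodev,noexec,relatime 0 0'

# Assumed requirement list (CIS-style, not a copy of any benchmark):
# mountpoint, then the comma-separated options it must carry.
REQUIREMENTS='/tmp nodev,nosuid,noexec
/var/tmp nodev,nosuid,noexec
/home nodev
/dev/shm nodev,nosuid,noexec'

# mount_has_opts MOUNTS MOUNTPOINT OPT... -> 0 if MOUNTPOINT is its own mount
# in the /proc/mounts-format text MOUNTS and every OPT is present.
mount_has_opts() {
    mh_mounts=$1; mh_mp=$2; shift 2
    mh_line=$(printf '%s\n' "$mh_mounts" | awk -v mp="$mh_mp" '$2 == mp { print; exit }')
    [ -n "$mh_line" ] || return 1          # not a separate mount at all
    mh_opts=$(printf '%s\n' "$mh_line" | awk '{ print $4 }')
    for mh_want in "$@"; do
        case ",$mh_opts," in
            *",$mh_want,"*) ;;
            *) return 1 ;;                  # required option missing
        esac
    done
    return 0
}

# audit_mounts MOUNTS -> prints PASS/FAIL per requirement, returns failure count.
audit_mounts() {
    au_fails=0
    while read -r au_mp au_opts; do
        [ -n "$au_mp" ] || continue
        if mount_has_opts "$1" "$au_mp" $(printf '%s\n' "$au_opts" | tr ',' ' '); then
            echo "PASS $au_mp is a separate mount with $au_opts"
        else
            echo "FAIL $au_mp lacks a separate mount or one of: $au_opts"
            au_fails=$((au_fails + 1))
        fi
    done <<EOF
$REQUIREMENTS
EOF
    return "$au_fails"
}

# make_loop_mount MOUNTPOINT IMAGE SIZE (root only): back MOUNTPOINT with an
# XFS image attached through a loop device, mount it with the hardening
# options, and persist it in /etc/fstab ("loop" in the options makes mount
# attach the image itself at boot). Image path and size are the caller's.
make_loop_mount() {
    lm_mp=$1; lm_img=$2; lm_size=$3
    [ "$(id -u)" -eq 0 ] || { echo "make_loop_mount: must run as root" >&2; return 1; }
    fallocate -l "$lm_size" "$lm_img" && chmod 600 "$lm_img" || return 1
    mkfs.xfs -q "$lm_img" || return 1
    mkdir -p "$lm_mp" || return 1
    mount -o loop,nodev,nosuid,noexec "$lm_img" "$lm_mp" || return 1
    printf '%s %s xfs loop,nodev,nosuid,noexec 0 0\n' "$lm_img" "$lm_mp" >> /etc/fstab
}

if [ "${1:-}" = "--live" ]; then
    audit_mounts "$(cat /proc/mounts)"      # audit the running system
else
    audit_mounts "$SAMPLE_MOUNTS" || echo "$? requirement(s) failed on the sample"
fi
```

Run it with `--live` to audit the box you are on; on the constructed sample it reports /var/tmp and /home as failures because they are not separate mounts. `make_loop_mount /tmp /var/lib/tmp.img 2G` should be run on a fresh instance before /tmp is in use, since mounting over a populated directory hides its contents; /var/tmp can then share the image via a bind mount (`/tmp /var/tmp none bind 0 0` in fstab), and a swap file follows the same pattern with `fallocate`, `mkswap` and `swapon`.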