Month 5-Security and Hardening¶
Goal: by the end of week 20 you can (a) author SELinux and AppArmor profiles for a service, (b) configure full-disk encryption with LUKS and explain the key derivation chain, (c) write a seccomp-bpf policy, and (d) ship an audited host that passes a basic CIS benchmark.
Weeks¶
- Week 17 - Discretionary and Mandatory Access Control
- Week 18 - Capabilities, Seccomp, no_new_privs
- Week 19 - Encryption at Rest: LUKS, dm-crypt, dm-verity
- Week 20 - Audit, Integrity Measurement, and Compliance