Security Hardening
Security Hardening for Linux Hosts
Apply kernel-hardening choices, auth tightening, and audit trails with pragmatic scope boundaries for busy teams.
JPY 61,000 informational tuition reference
Talk with intakeWhat this arc covers
Security is framed as layered decisions with tradeoffs, not buzzword bingo. You will walk through minimal privilege models, sane firewall baselines, and auditd rules that remain readable six months later. Labs include misconfigured hosts you must harden without locking yourself out. We discuss quality standards expectations in enterprise markets without pretending a single course replaces dedicated security teams.
Feature stack
- SSH posture matrix covering keys, jump hosts, and bastion patterns
- AppArmor and SELinux introductions with failure triage flows
- Host firewall recipes with explicit allow lists
- Kernel parameter labs with documented rollback paths
- Audit rule authoring that survives upgrades
- Service account hygiene for daemons and cron
- Evidence bundles suitable for external reviewers walkthroughs
Outcomes you can demonstrate
- Produce a host hardening sheet with rationale per control
- Demonstrate a safe lockout recovery using out-of-band access
- Prioritize findings using severity, exploitability, and blast radius
Responsible lead
Noah Iwata
Lab Platform Engineer building breakable hosts that teach restraint.
Learner notes
The AppArmor triage flow is now our onboarding doc. I dock one star only because the PDF export was finicky on Safari.
Rina · Platform engineer · 4/5 · Google
We translated the auditd section into a pilot on twelve buses' edge servers. Coaches answered thread questions within a day.
Alex · Civic transit IT
Practical questions
No. This is defensive hardening for administrators. Offensive topics appear only as context for control selection.
Yes, cloud-backed lab images reset hourly. Local VM import is optional for offline study.
We cannot cover every appliance firmware variant. Controls are Linux-first with notes where BSD diverges.