DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

This advanced, hands-on course takes a highly technical approach to the important security features of the Linux kernel. By providing visibility into attack vectors and possible security holes, this course provides a complete guide on how to mitigate security risks in any Linux environment.

This course gives detailed visibility into possible security attacks, and into monitoring, tracing, detection and control at the operating system level. It focuses on how security features are implemented and used.

Linux is used in an increasing number of devices at every level, from IoT, smart building, energy devices, set-top boxes and automotive in-vehicle infotainment to enterprise servers and cloud technologies. Increasingly these devices are being connected to networks, and this can leave them vulnerable to remote attacks that can result in brand damage, financial liabilities and even safety issues.

Hardening Linux systems makes them more resistant to attack.

This course is a comprehensive look at the security challenges that can affect almost every system connected to the internet. Many of the features for securing Linux are either built in to the Linux kernel or added by one of the various Linux distributions. This course focuses on the security features built in to the Linux kernel.

This course is for systems developers who need to determine and secure the vulnerabilities in their system design. The course focuses on the capabilities and features that Linux provides to protect against security attacks and their applications.

It is also for anyone interested in the topic of kernel security and vulnerabilities. 


What skills will you gain? 

  • Understanding discretionary and mandatory access control
  • Using audit framework command tools
  • Using SELinux command tools
  • User interface to Linux security modules
  • Linux command line tools, shell
  • Linux kernel configuration tools and tool chain for kernel compilation
  • Audit command line tools for auditd feature
  • SELinux command tools for SELinux feature

What will you learn about? 

  • Hardening the Linux operating system itself
  • How to deploy and use monitoring detection tools
  • The art and science of developing your Linux security policy and response strategy
  • How to configure your systems using the kernel security features


Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join? 

This is a technical training course aimed at engineers, so a basic level of knowledge in the following is required:

  • Experience with any major Linux distribution is helpful
  • Familiar with basic Linux command line tools
  • Familiar with Linux kernel configurations is helpful

What will you need? 

A Linux distribution with the kernel security features enabled and the tools needed for the labs.


Module 1 - Introduction to Linux kernel Security

With this module you will understand the basic security implemented in the Linux kernel and how this security can be enhanced using the extended security features.

You will also understand the pros and cons of each feature that forms the building blocks of the security system.

  1. Linux security – DAC
  2. Extended Linux security
    1. POSIX ACLs
      1. Introduction
      2. What are ACLs
      3. Setting POSIX ACLs
      4. Getting POSIX ACLs
      5. Removing POSIX ACLs
      6. Implementation of ACLs in Linux
      7. Extended security, system, file system and user attributes
      8. Examples
    2. POSIX capabilities
      1. Introduction to capabilities
      2. SUID and capabilities
      3. List of Capabilities
      4. Examples
    3. Linux namespaces
      1. Types of namespaces
        1. Mount File system namespaces
        2. UTS: Hostname and domainname
        3. IPC
        4. PID
        5. Network
        6. User
        7. Cgroup
      2. List of system calls
        1. Unshare, clone,
      3. Examples of each namespace
    4. Network access control
      1. Netfilters
      2. Iptables
      3. Examples of each
    5. The kernel crypto API provides different API calls for
      1. Various cipher algorithm types
      2. Synchronous and Asynchronous crypto APIs
      3. Scatter gather cryptographic API
      4. User space interface
      5. Examples
    6. Exercises

All skills and knowledge acquired in this module will be tested in a practical assessment. 

Workload: 4.5 hours

Module 2 - Inside Linux Security Modules (LSM)

LSMs help protect your system from being hacked when an attacker exploits a flaw in one of the running programs. They can be an important layer in any defense-in-depth strategy on Linux systems, and by understanding what protections they provide, you have better visibility on what resources to protect and how to implement these protections.

Linux security modules implement hooks at all security-critical points inside the kernel. A user of the framework (LSM) can register with the API and receive callbacks from these hooks. The LSM framework allows different security models to be plugged into the kernel, typically providing access control frameworks. Some LSMs implement fine-grained mandatory access control to meet a wide range of security requirements, from general purpose to government and military systems that manage classified information.

  1. What are LSMs
  2. Major, Minor and exclusive LSMs
  3. Types of LSMs
    1. SELinux
  4. Examples and usage of each LSM
  5. LSM Architecture
  6. Getting into the LSM hooks interfaces
    1. Data structures and 
    2. Hooks at various kernel subsystems
  7. Integration of an LSM to the kernel
  8. LSM stacking
  9. Building LSM skeleton with new LSM module and adding hooks
  10. Examples & exercises

All skills and knowledge acquired in this module will be tested in a practical assessment. 

Workload: 4.5 hours

Module 3: Linux Audit framework

One of the keys to protecting the system is to know what's going on inside the system: what files change, who has access to what and when, and which applications can get executed. Auditd is the best bet to monitor all of these activities.

The audit logs are useful for analyzing system behavior and may help detect attempts at compromising the system. The auditing itself happens at the kernel level, which makes it much harder to subvert and provides accurate information if the system is compromised.

  1. Kernel audit framework architecture
  2. Data collection statistics
  3. User interface
    1. Configuring Audit daemon
    2. Controlling Audit system using auditctl command tool
    3. Passing parameters to audit system
    4. Configuration using audit rule set
      1. Adding basic configuration parameters
      2. Monitoring file system objects
      3. Monitoring system calls
      4. Monitoring processes
      5. Monitoring security files and configuration databases
  4. Understanding audit logs and generating reports
  5. Examples & exercises

All skills and knowledge acquired in this module will be tested in a practical assessment. 

Workload: 4.5 hours

Module 4: Kernel self-protection

1. Kernel self-protection

Kernel self-protection is the design and implementation of systems and structures within the Linux kernel to protect against security flaws in the kernel itself. 

2. Kernel vulnerabilities

  1. Areas for improving kernel self-protection
    1. Strict kernel memory permissions
    2. Executable code and read-only data must not be writable
    3. Function pointers and sensitive variables must not be writable
  2. Kernel configuration
  3. Command line options
  4. Kernel vulnerabilities
    1. Understanding and studying the kernel vulnerabilities
    2. Examples 
    3. Solutions
    4. Analysing the kernel vulnerability
  5. Examples & exercises

All skills and knowledge acquired in this module will be tested in a practical assessment. 

Workload: 4.5 hours

Final exam


  • Extensively involved in kernel and system product development and management
  • Linux device drivers and kernel sub systems
  • Embedded systems, BSP Support, board bring up, device tree support
  • Linux memory, DMA, CMA, IOMMU & SMMU drivers
  • Network drivers, Netlink, Netfilters, IPTables, N/W hardware acceleration engines
  • Storage - SCSI/FCoE Subsystems
  • Enterprise and cloud system monitoring software based on Auditd, OSQuery frameworks
  • ARM TrustZone Security. SecureOS,
  • Linux kernel security, LSM modules, Kernel function tracing


  • Linux Systems and Kernel programming, Performance Analysis.
  • Interested in Embedded, IoT & Network Technologies and learning new Technologies
  • Linux system programming, kernel internals, device driver and FreeRTOS trainings.


If you have any questions, please contact us at [email protected].

Course Reviews


1 rating
  • 5 stars: 0
  • 4 stars: 1
  • 3 stars: 0
  • 2 stars: 0
  • 1 star: 0
  1. Great info


    The information on LSMs was new to me; however, I found the video presentation a little tedious at times. I would have preferred to read each module presentation, as was available for module01.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023