Security Hardening
Permissions, SELinux, and Sane Defaults
Untangle DAC, capabilities, and SELinux denials with a calm triage order.
- Duration
- 5 weeks · 40 lab hours
- Format
- Instructor-led bootcamp weeks 1-2, async after
- Skill level
- Advanced
- Certification path
- Security specialty prep
- Informational price
- ₩329,000
What the labs include
- SELinux booleans lab with before/after audits
- Capabilities workshop tied to least privilege service units
- AppArmor contrast module for teams evaluating both models
- Auditd rules that stay readable after six months
- SSH host key rotation rehearsal with customer comms template
- File ACL exercises with inheritance pitfalls called out
- Capstone: produce a hardening delta sheet for a sample host
Outcomes you can show a lead
- Trace an SELinux denial to a bounded fix without globally permissive modes
- Explain capability drops for a long-running daemon
- Ship a hardening checklist your manager can scan in two minutes
Responsible instructor
Eunji Han
Lab Platform Engineer with kernel-facing debugging habits.
FAQ
No. We include a comparison module, but SELinux remains the primary path.
Learner notes
The AVC triage ladder is taped above my desk now—sounds dramatic, but it saves time.