Red Hat EX413 通过笔记

最近通过了EX413考试，在这里记录一下～

EX413是Red Hat RH413对应的考试，RH413主要涉及Linux主机加固内容。考试大概18题的样子，给两台虚拟机，然后按照各个题目要求进行安全加固配置，考过210分即通过。考完第二天就会收到Red Hat成绩单，效率很高。

Dear xxxx:

The results of your EX413 Exam 
are reported below.

Exam Domain Number:           5
Passing score for the exam:    210 
Your score:                    250

Result: PASS

Congratulations -- you have earned the EX413 
Certificate.

RH413所有章节：

Objective 1
Identify Red Hat Common Vulnerabilities and Exposures (CVEs) and Red Hat Security Advisories (RHSAs) and selectively update systems based on this information
Objective 2
Verify package security and validity
Objective 3
Identify and employ standards-based practices for configuring file system security, create and use encrypted file systems, tune file system features, and use specific mount options to restrict access to file system volumes.
Objective 4
Configure default permissions for users and use special file permissions, attributes, and access control lists (ACLs) to control access to files
Objective 5
Install and use intrusion detection capabilities in Red Hat Enterprise Linux to monitor critical system files
Objective 6
Manage user account security and user password security
Objective 7
Manage system login security using pluggable authentication modules (PAM)
Objective 8
Configure console security by disabling features that allow systems to be rebooted or powered off using bootloader passwords
Objective 9
Configure system-wide acceptable use notifications
Objective 10
Install, configure, and manage identity management services and configure identity management clients
Objective 11
Configure remote system logging services, configure system logging, and manage system log files using mechanisms such as log rotation and compression
Log Rotation
journal is a component of systemd for logging
journalctl is used for viewing the journal log
journal only logs in memory or a small ring file in /run/log/journal; to create persistent storage create the directory /var/log/journal
Objective 12
Configure system auditing services and review audit reports
Objective 13
Use network scanning tools to identify open network service ports and configure and troubleshoot system firewalling
References

考到的点有：

yum 配置更新，配置GPG－PUBKEY

安装部署IPA－server，IPA－client

目录，文件特殊权限

文件掩码

用户默认权限设置

PAM模块

文件系统ACL

等..