Phase 8: Security
Linux security is built in layers. The kernel has mandatory access control (SELinux, AppArmor), audit logging, privilege separation mechanisms, and cryptographic trust chains from boot onward. Understanding these mechanisms is essential whether you're hardening a server, investigating an incident, or building secure software.
What You'll Learn
1. Linux Security Modules
The LSM framework — how SELinux and AppArmor hook into the kernel.
Advanced
2. SELinux
Type enforcement, policies, labels, and how to read AVC denials.
Advanced
3. AppArmor
Path-based MAC for Ubuntu and containers — profiles and modes.
Intermediate
4. auditd
Kernel audit subsystem — logging file access, system calls, and logins.
Intermediate
5. sudo Internals
How sudo works: setuid, PAM authentication, and sudoers rules.
Intermediate
6. SUID & SGID
How setuid programs work, privilege escalation risks, and auditing.
Intermediate
7. Linux Keyring
Kernel key management for credentials, encryption keys, and secrets.
Advanced
8. Secure Boot
How UEFI Secure Boot verifies the bootloader and kernel cryptographically.
Advanced
Frequently Asked Questions
What will I learn here?
This page covers the core concepts and techniques you need to understand the topic and progress confidently to the next lesson.
How should I use this page?
Start with the overview, then follow the section links to deepen your understanding. Use the table of contents on the right to jump to specific sections.
What should I read next?
Use the navigation below to continue to the next lesson or explore related topics.