On This Page

Hands on Linux Web Server Hardening and System Monitoring for PCI

DC801 Nemus | July 22-23 & July 24-25


How secure is your web infrastructure? How much information can an attacker learn about your environment from your system? What are the default options you need to disable and what additional packages and resource do you need to remove? How will attackers use this information to attack your systems?

Whether you are a Developer, System Administrator, or Payment Card Industry (PCI) Qualified Security Assessor (QSA), anyone who wants to understand the technical requirements of PCI specification will find this class invaluable. Armed with a foundational understanding of Linux Web Application stack security you'll be able to audit and secure your systems against compromise checking off various PCI requirements with ease. Even if you're not in a PCI environment, the information and tools in this class are critical to making sure your user's data is safe, and the integrity of your server environment is sound.

This course starts off with a hands-on lab of Vulnerability Assessments using OpenVAS, then moves on to Operating System hardening and Web Application defense through the use of ModSecurity and then ends with system monitoring and honey detection using Elasticsearch, Logstash, Kibana (ELK) stack.

Each student is given a Centos 7 vagrant image they configure and secure themselves. An OpenVAS system image they use for Vulnerability Assessment scanning and an ELK stack image students configure for monitoring and alerting of security events.

After leaving the class, attendees will have the ability and tools needed to build and audit systems that are capable of fulfilling requirements defined by Payment Card Industry (PCI) standards and have the tools they need to monitor security events in a production environment.

Vulnerability Assessment using OpenVAS.
  • Linux Hardening
  • Intro to Vagrant
  • Understanding an attack
  • Demoing Exploits
  • Shellshock and other recent vulnerabilities
  • Overview of https://benchmarks.cisecurity.org/
  • Partitioning
  • Sudo
  • Uninstall Disable/Unneeded Services
  • Fstab
  • Grub
  • Sysctl
  • Iptables / FirewallD
  • Hardening SSH
  • Hardening PAM Configuration
  • SELinux (stop turning it off)
  • Audit2allow
  • Audit Deamon Configuration
  • Rsyslog
  • NTP
  • Aide
  • Fail2ban
  • Denyhosts
  • ClamAV
  • Honey Files
  • Honey Ports

OSSEC Overview

A quick overview of Browser Security
  • Cookies
  • Sessions Tokens
  • CORS
  • XSS
  • CSRF
  • Click Jacking

  • Minimal Secure Defaults
  • Options Directive
  • Symbolic Links / mod_alias
  • .htaccess
  • AllowOverride
  • Information Leakage
  • Remove Unused Apache Modules
  • SELinux config options
  • TLS Audit and Configuration Security
  • Mod_evasive
  • WAF - Mod Security
  • Honey Domains
  • Honey URLs
  • User Agent Blocking

Nginx Load Balancing/ HaProxy
  • Secure Load Balancing.
  • Honey Pot Redirection

Applying Hardening to PHP
  • php.ini
  • PHP Session Security
  • Dangerous Functions
  • Removal of Unneeded PHP Modules

Hardening MariaDB / MySQL
  • Stunnel
  • My.ini
  • SSL Connection
  • Encryption
  • User Permissions
  • Dangerous MySQL Functions
  • MySQL Log File Shipping
  • User Define Functions
  • Stored Procedures
  • Monitoring SQL Logs
  • Honey Tokens
  • Honey Tables

Monitoring Using the ELK Stack
  • Logstash forwarder
  • Logstash parser
  • Elasticsearch
  • Kibana
  • Reducing Noise
  • MySQL Log Monitoring
  • Auditd Monitoring
  • Honey Monitoring
  • Slack Alerting
  • IRC Alerting

Who Should Take this Course

This course is designed for beginning to intermediate Linux users. System Administrators, Dev Ops Engineers, and Payment Card Industry (PCI) Qualified Security Assessors.

Student Requirements

Students should have a practical understanding of Linux or UNIX CLI environments.

What Students Should Bring

Students should bring a laptop with at least 8GB of memory. Students should have full administrative permissions on laptops with the ability to install and run Virtual Box and Vagrant. The laptop operating system can be 32 or 64-bit, but 64-bit is recommended.

What Students Will Be Provided With

Each student will receive a USB thumb drive containing the slides, virtual machines and scripts used in the course.


Lance works as a Vice President of Engineering in the payment industry developing software and engineering computer systems that transfer large scale amounts of money between banks. He has over seven years of experience securing systems in PCI environments and auditing banking infrastructure. He is a founding member of 801 Labs; a hackerspace located in Salt Lake City and is an active member of his local Defcon group DC801. Lance has a BS in Computer Science and is a certified GIAC Web Application Penetration Tester (GWAPT).