On 3 February 2015 at 13:34, PatrickD Garvey <patrickdgarveyt@xxxxxxxxx> wrote: > Now how about some specific sources you personally used to learn your > craft that we can use likewise? So many places it makes my brain hurt just thinking about it. Google and Wikipedia will keep you busy for a long while. Off the top of my head: There are some online "Security Handbooks" around (I think RedHat publish one) which lay some of the basic ground work. SANS (http://www.sans.org/) and OWASP (https://www.owasp.org/) have some good resources. If you are cashed up, you can even do courses with SANS. Reading about the security infrastructure that you are already using is a good idea, often accessible via mysterious things called "man pages". I learned a lot simply by reading about pam, iptables, and selinux. Thinking about you systems from a penetration testing perspective can be helpful. For example, "Always Learning" has just told us that he uses single character root passwords on his testing machines, that he is testing 7 days a week and does not turn off his test machines. A pen tester or cracker could use that information to formulate a potentially successful attack strategy. Google "free penetration testing tools". Only use the tools if you own the network or have written permission. Just reading about the tools can give you some insight into attack strategies that you should be defending against. Please don't try to attack "Always Learning". Download and unpack a copy of rkhunter. Have a look inside. Its just a bunch of bash scripts. Good insight into some surprisingly simple historical attacks. Google "linux security hardening". There are a lot of resources out there. The hard part is sifting out the gold from the crap. Sorry can help much there. There are many other people on this list who have a much better grasp on this stuff than me. Hope they chime in. Hope this helps, Kal _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos