Ready to stop hoping your security holds and start verifying it?
Forget security theory—this is a practical application lab.
You will walk away with ready-to-use configuration files and deployment examples for SELinux and USBGuard, enabling you to construct a truly robust, attestable, and compliance-ready RHEL environment and implement this advanced security skill set the moment they return to work.
SELinux (Security-Enhanced Linux): We will move beyond basic permissive/enforcing modes to architect and troubleshoot custom Mandatory Access Control (MAC) policies, significantly limiting the damage from exploited processes. This will help you detect Compromised Services & Privilege Escalation.
USBGuard: USB Device Authorization Policy. Stops malicious USB devices (like "Rubber Ducky" or “BadUSB” keystroke injectors or firmware attacks) from executing automatically. It blocks unauthorized removable media, preventing both data exfiltration and malware introduction via physical ports.
Pre-requisites
Participants will need to bring A Laptop with an SSH Client installed to connect to a remote lab. If they want the ability to run the lab locally they will require a laptop with the following specs:
CPU. 4 Cores (with VT-x/AMD-V). To handle two RHEL instances simultaneously.
Storage. 40GB SSD Space. RHEL installations + snapshots for "undoing" mistakes.
Hypervisor. VMware, KVM, or VirtualBox 7+
Guest OS. RHEL 9.x ISO/Image. The target environment for the security tools.
