Course Objective

Fundamental principles of operating systems and operational security, including process and resource management, security capabilities and limitations, authentication, security policies, sandbox, soft

Operating Systems and Operational Security

14-Week Course Syllabus (Linux-Focused)


PHASE 1: FOUNDATIONS (Weeks 1-4)

Week 1: Introduction to Operating Systems

Topic: What is an Operating System? Architecture and Components

Learning Objectives:

  • Define the role and purpose of an operating system

  • Identify the major components of an OS (kernel, shell, system libraries)

  • Differentiate between kernel space and user space

  • Explain the history and evolution of Unix/Linux systems

  • Set up a Linux environment for coursework

Lab Activity: Install Ubuntu or Debian in a virtual machine. Explore the terminal, identify running processes with ps, and examine the directory structure using ls, cd, and tree.

Recommended Resources:

  • "Operating System Concepts" by Silberschatz, Chapters 1-2

  • Linux Foundation: Introduction to Linux (free course)

Week 2: The Linux Kernel and Boot Process

Topic: Kernel Architecture, Boot Sequence, and System Initialization

Learning Objectives:

  • Describe the monolithic vs. microkernel architecture

  • Trace the Linux boot process (BIOS/UEFI → GRUB → Kernel → Init)

  • Understand systemd and its role in service management

  • Analyze kernel modules and their functions

  • Interpret boot logs and troubleshoot boot issues

Lab Activity: Examine boot logs using dmesg and journalctl -b. List loaded kernel modules with lsmod. Modify GRUB settings and observe boot behavior. Enable/disable services with systemctl.

Recommended Resources:

  • "How Linux Works" by Brian Ward, Chapters 1, 5

  • Arch Wiki: Boot Process

Week 3: Shell and Command Line Fundamentals

Topic: Bash Shell, Commands, Scripting Basics, and Environment

Learning Objectives:

  • Navigate the Linux file system confidently

  • Use essential commands (grep, find, awk, sed, pipes, redirection)

  • Write basic Bash scripts for automation

  • Understand environment variables and PATH

  • Recognize the security implications of shell commands

Lab Activity: Write a Bash script that monitors disk usage and sends an alert when usage exceeds 80%. Practice using pipes to chain commands. Create and modify environment variables.

Recommended Resources:

  • "The Linux Command Line" by William Shotts (free online)

  • Bash Reference Manual (GNU)

Week 4: Process Management

Topic: Processes, Threads, Scheduling, and Inter-Process Communication

Learning Objectives:

  • Explain process states and lifecycle (creation, execution, termination)

  • Differentiate between processes and threads

  • Understand Linux scheduling algorithms (CFS)

  • Use process management tools (ps, top, htop, kill, nice)

  • Describe inter-process communication (IPC) mechanisms

Lab Activity: Create a multi-process program using fork() in C. Monitor processes with top and htop. Adjust process priority using nice and renice. Explore /proc filesystem for process information.

Recommended Resources:

  • "Operating System Concepts" by Silberschatz, Chapters 3-5

  • Linux man pages: fork(2), exec(3), signal(7)


PHASE 2: CORE CONCEPTS (Weeks 5-9)

Week 5: Memory Management

Topic: Virtual Memory, Paging, Swapping, and Memory Protection

Learning Objectives:

  • Explain virtual memory concepts and address translation

  • Describe paging and page tables in Linux

  • Understand swap space and its configuration

  • Analyze memory usage with system tools

  • Recognize memory-related security issues (memory isolation)

Lab Activity: Monitor memory usage with free, vmstat, and /proc/meminfo. Configure swap space. Write a C program that demonstrates memory allocation and observe with valgrind for leaks.

Recommended Resources:

  • "Operating System Concepts" by Silberschatz, Chapters 8-9

  • "Understanding the Linux Kernel" by Bovet & Cesati, Chapter 8

Week 6: File Systems and Storage

Topic: Linux File Systems, Mounting, Inodes, and Disk Management

Learning Objectives:

  • Compare file system types (ext4, XFS, Btrfs, ZFS)

  • Understand inodes, hard links, and symbolic links

  • Mount and unmount file systems

  • Partition and format disks using fdisk/parted

  • Implement RAID concepts for data redundancy

Lab Activity: Create partitions on a virtual disk using fdisk. Format with mkfs.ext4. Mount file systems and configure /etc/fstab for persistent mounting. Create hard and symbolic links and observe inode behavior.

Recommended Resources:

  • "How Linux Works" by Brian Ward, Chapter 4

  • Red Hat Documentation: Managing File Systems

Week 7: Users, Groups, and File Permissions

Topic: User Management, Ownership, Permissions, and Access Control Lists

Learning Objectives:

  • Create and manage users and groups

  • Understand the permission model (rwx, octal notation)

  • Apply chmod, chown, and chgrp effectively

  • Implement Access Control Lists (ACLs) for fine-grained control

  • Recognize permission-related vulnerabilities

Lab Activity: Create multiple users and groups. Set up a shared directory with specific group permissions. Implement ACLs using setfacl and getfacl. Identify and fix insecure file permissions (world-writable files).

Recommended Resources:

  • "The Linux Command Line" by William Shotts, Chapter 9

  • Linux man pages: chmod(1), acl(5)

Week 9: Authentication Mechanisms

Topic: Linux Authentication, PAM, Password Security, and Multi-Factor Authentication

Learning Objectives:

  • Explain how Linux authenticates users (/etc/passwd, /etc/shadow)

  • Understand Pluggable Authentication Modules (PAM)

  • Configure password policies and aging

  • Implement SSH key-based authentication

  • Set up multi-factor authentication (MFA)

Lab Activity: Configure PAM to enforce password complexity. Set password aging with chage. Generate SSH key pairs and configure passwordless SSH login. Install and configure Google Authenticator for MFA on SSH.

Recommended Resources:

  • Linux-PAM System Administrator's Guide

  • NIST SP 800-63B: Digital Identity Guidelines


PHASE 3: SECURITY DEEP-DIVE (Weeks 10-13)

Week 10: Access Control and Security Policies

Topic: Discretionary Access Control (DAC), Mandatory Access Control (MAC), SELinux, and AppArmor

Learning Objectives:

  • Differentiate between DAC and MAC models

  • Configure and troubleshoot SELinux (modes, contexts, booleans)

  • Create AppArmor profiles for application confinement

  • Understand the principle of least privilege

  • Audit access control configurations

Lab Activity: Enable SELinux and resolve common denials using audit2allow. Create a custom AppArmor profile for a web server. Compare security posture with and without MAC enforcement.

Recommended Resources:

  • Red Hat SELinux User's Guide

  • Ubuntu AppArmor Documentation

Week 11: Software Vulnerabilities and Exploitation

Topic: Buffer Overflows, Privilege Escalation, and Common Attack Vectors

Learning Objectives:

  • Explain common vulnerability types (buffer overflow, race conditions, injection)

  • Understand exploitation techniques and mitigations (ASLR, DEP, Stack Canaries)

  • Identify privilege escalation paths in Linux

  • Use vulnerability scanning tools

  • Apply secure coding principles

Lab Activity: Compile a vulnerable C program with protections disabled. Demonstrate a simple buffer overflow. Enable ASLR and stack canaries and observe the mitigation effect. Use lynis for system security auditing.

Recommended Resources:

  • "Hacking: The Art of Exploitation" by Jon Erickson

  • OWASP Testing Guide

  • CVE Database (cve.mitre.org)

Week 12: Sandboxing and Containerization

Topic: Process Isolation, Namespaces, cgroups, chroot, and Docker Security

Learning Objectives:

  • Understand Linux namespaces and control groups (cgroups)

  • Implement basic sandboxing with chroot

  • Deploy and secure Docker containers

  • Configure container security options (capabilities, seccomp, read-only filesystems)

  • Recognize container escape vulnerabilities

Lab Activity: Create a chroot jail for a simple application. Deploy a containerized web application with Docker. Apply security hardening: drop capabilities, use seccomp profiles, run as non-root user. Scan container images with trivy.

Recommended Resources:

  • Docker Security Documentation

  • "Container Security" by Liz Rice

  • Linux man pages: namespaces(7), cgroups(7)

Week 13: System Hardening and Security Auditing

Topic: Secure Configuration, Logging, Intrusion Detection, and Compliance

Learning Objectives:

  • Apply system hardening best practices (CIS Benchmarks)

  • Configure centralized logging with rsyslog/journald

  • Set up host-based intrusion detection (AIDE, OSSEC)

  • Implement firewall rules with iptables/nftables

  • Perform security audits and vulnerability assessments

Lab Activity: Harden a Linux server following CIS Benchmarks. Configure AIDE for file integrity monitoring. Set up iptables rules to restrict incoming/outgoing traffic. Review logs for suspicious activity using grep and log analysis tools.

Recommended Resources:

  • CIS Benchmarks for Linux

  • "Practical Linux Security Cookbook"

  • SANS Linux Security Checklist


PHASE 4: ADVANCED TOPICS (Weeks 14-15)

Week 14: Virtualization Technologies

Topic: Hypervisors, KVM, QEMU, and Virtual Machine Security

Learning Objectives:

  • Differentiate between Type 1 and Type 2 hypervisors

  • Understand KVM/QEMU architecture in Linux

  • Create and manage virtual machines using libvirt/virsh

  • Implement VM isolation and security best practices

  • Compare virtualization to containerization for security use cases

Lab Activity: Install KVM and create a virtual machine using virt-manager or virsh. Configure networking (bridged, NAT). Implement CPU and memory limits. Take snapshots and practice VM migration. Compare VM isolation to Docker container isolation.

Recommended Resources:

  • Red Hat Virtualization Documentation

  • "Mastering KVM Virtualization"

  • Proxmox VE Documentation

2

Topic: Comparative OS Security Analysis, Real-World Incidents, and Future Directions

Learning Objectives:

  • Compare security models across Linux, Windows, and macOS

  • Analyze real-world security breaches and lessons learned

  • Evaluate emerging technologies (eBPF, confidential computing, immutable OS)

  • Discuss cloud-native security considerations

  • Synthesize course concepts into a holistic security mindset

Lab Activity: Final Project Presentation: Students present a security analysis of a chosen system, including threat modeling, hardening recommendations, and incident response plan. Case study discussion on major breaches (SolarWinds, Log4j, Heartbleed) with root cause analysis.

Recommended Resources:

  • "The Practice of System and Network Administration" by Limoncelli

  • Krebs on Security (case studies)

  • Linux Foundation: eBPF Documentation

  • NIST Cybersecurity Framework


Assessment Overview

Component                    Weight
Weekly Assignments           30%
Midterm Exam (Weeks 1-7)     20%
Final Exam (Weeks 9-15)      20%
Final Project                25%
Attendance                   5%


Required Tools & Environment

  • Virtualization: VirtualBox, VMware, or Proxmox

  • Linux Distributions: Ubuntu

  • Security Tools: Nmap, Wireshark, Burp Suite (Community), etc.

  • Development: Python 3, Bash

