Course Code: lwinsys
Duration: 35 hours

Learning Outcomes

By the end of the training, participants will be able to:

  • Confidently administer both Linux and Windows environments
  • Integrate and manage directory services securely
  • Automate repetitive sysadmin and security tasks using Bash
  • Set up and manage centralized logging for threat detection
  • Interpret and act on log data from both platforms

Delivery Mode: Instructor-led (onsite or remote)
Target Audience: L2 to L3 Security Engineers
Prerequisites: Basic experience with command-line interfaces and system administration

Course Outline:

DAY 1: Linux System Administration for Security

  • Linux system architecture and boot process
  • Package management (apt, dnf/yum)
  • File system structure, permissions, and access control
  • Managing users, groups, and sudoers
  • Systemd services and scheduling with cron
  • Network configuration and troubleshooting tools (ip, ss, tcpdump; netstat on legacy hosts)
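As an added example for the Day 1 permissions, users and sudoers topics (this is not part of the course material), the Bash script below audits three privilege boundaries that drift most often on a Linux host: sudoers rules that grant any command without a password, SUID/SGID binaries, and world-writable files or directories. Each check is a function that takes a path, so the demo at the bottom runs on a throwaway directory tree; the fixture tree and its sudoers rules are constructed for this example and nothing under the real /etc or /usr is read or changed.

```bash
#!/usr/bin/env bash
# Added example (not part of the course material): audit sudoers NOPASSWD grants,
# SUID/SGID binaries and world-writable entries. Every function takes a path, so
# the demo at the bottom runs on a throwaway tree built with mktemp and never
# reads or modifies the real /etc or /usr.
set -euo pipefail

# Active sudoers lines that grant ANY command without a password ("NOPASSWD: ALL").
# A scoped rule such as "NOPASSWD: /usr/bin/systemctl restart nginx" is not
# reported. Comment and blank lines are skipped first.
nopasswd_all_rules() {
  local file=$1
  grep -vE '^[[:space:]]*(#|$)' "$file" \
    | grep -E 'NOPASSWD:[[:space:]]*ALL[[:space:]]*$' || true
}

# SUID or SGID regular files below a directory, staying on one filesystem (-xdev).
setuid_files() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null || true
}

# World-writable regular files, plus world-writable directories that lack the
# sticky bit (anyone could delete or rename other users' files there).
world_writable() {
  find "$1" -xdev \( -type f -perm -0002 \) -o \( -type d -perm -0002 ! -perm -1000 \) 2>/dev/null || true
}

# Constructed fixture (test data only): one scoped NOPASSWD rule, one
# unrestricted "NOPASSWD: ALL" rule, one SUID helper and one 0666 file.
# Prints the root of the tree; the caller removes it.
build_fixture() {
  local root
  umask 022
  root=$(mktemp -d)
  mkdir -p "$root/etc/sudoers.d" "$root/usr/local/bin" "$root/var/tmp"
  cat > "$root/etc/sudoers.d/ops" <<'EOF'
# ops may restart the web tier without a password (scoped, not reported)
%ops ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
# legacy deploy account: full root without a password (reported)
deploy ALL=(ALL) NOPASSWD: ALL
# alice has full sudo but must authenticate (not reported)
alice ALL=(ALL) ALL
EOF
  printf '#!/bin/sh\necho hello\n' > "$root/usr/local/bin/helper"
  chmod 4755 "$root/usr/local/bin/helper"      # SUID
  printf 'x\n' > "$root/var/tmp/scratch.txt"
  chmod 0666 "$root/var/tmp/scratch.txt"        # world-writable
  printf 'x\n' > "$root/var/tmp/notes.txt"
  chmod 0644 "$root/var/tmp/notes.txt"          # normal, must not be reported
  echo "$root"
}

main() {
  local root
  root=$(build_fixture)
  trap 'rm -rf "$root"' EXIT
  echo "== NOPASSWD: ALL rules in $root/etc/sudoers.d/ops =="
  nopasswd_all_rules "$root/etc/sudoers.d/ops"
  echo "== SUID/SGID files under $root =="
  setuid_files "$root"
  echo "== world-writable entries under $root =="
  world_writable "$root"
}
main "$@"
```

On a real host run the checks as root: `nopasswd_all_rules /etc/sudoers` plus each file in /etc/sudoers.d, and `setuid_files /` and `world_writable /` (the -xdev keeps find off network and pseudo filesystems). Pair the sudoers check with `visudo -c` for syntax and `sudo -l -U <user>` for the rules a given account actually gets, since aliases and includes can grant more than any single file shows.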

DAY 2: Windows System Administration + Active Directory

  • Windows Server roles and features overview
  • Managing Active Directory:
    • Users, groups, and OUs
    • Group Policy Objects (GPOs)
    • AD security best practices
  • Integrating AD with Linux (brief intro to cross-platform auth)
  • Scripting with PowerShell for user and group automation

DAY 3: Directory Services – LDAP and AD Integration

  • Understanding LDAP concepts
  • Deploying and managing OpenLDAP on Linux
  • Comparing LDAP and AD
  • AD-LDAP integration basics
  • Authentication and access control via LDAP

DAY 4: Shell/Bash Scripting for System and Security Automation

  • Bash syntax: variables, loops, conditionals
  • Automating user management and service monitoring
  • Writing log monitoring and alert scripts
  • Error handling and logging in scripts
  • Using scripts in cron jobs for automation

DAY 5: Centralized Log Management and Analysis

  • Linux logging: syslog, journald, logrotate
  • Windows Event Logs: access, filtering, exporting
  • Centralized log collection with rsyslog or syslog-ng
  • Introduction to log aggregation tools: Graylog, ELK Stack
  • Parsing logs for security insights (auth failures, privilege changes, port scans)