Linux Incident Handling
RCCE students will learn Linux endpoint security including OS hardening, kernel security modules, filesystem permissions, SSH hardening, service management, and Linux audit subsystem configuration. RCCE students will learn to harden Linux operating systems following CIS Benchmarks, configure SELinux and AppArmor policies, implement secure filesystem permissions and access controls, harden SSH configurations and key management, manage systemd services and minimize attack surface, configure the Linux audit subsystem for security event collection, detect and investigate Linux-based attacks including privilege escalation, rootkit installation, and persistent backdoors, and manage Linux security patching. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Starting from foundational concepts, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Linux Incident Handling
- Execute hands-on tasks for linux incident handling
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Linux endpoint security fundamentals.
- Build detections and response workflows for privilege escalation, including Structured containment and eradication workflows.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for harden linux systems — covering Apply CIS Benchmark controls.
- Execute hands-on tasks for secure access controls — covering filesystem permissions.
- Monitor and audit privilege usage; detect escalation attempts, including Linux audit subsystem.
- Execute hands-on tasks for respond to incidents — covering Execute containment procedures.
- Execute hands-on tasks for module roadmap
- Execute hands-on tasks for linux security
- Execute hands-on tasks for linux security landscape
| Module 01 | Linux Incident Handling |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Incident Response Skills |
| Module 05 | Learning Objectives |
| Module 06 | Harden Linux Systems |
| Module 07 | Secure Access Controls |
| Module 08 | Monitor & Detect |
| Module 09 | Respond to Incidents |
| Module 10 | Module Roadmap |
| Module 11 | Linux Security |
| Module 12 | Linux Security Landscape |
| Module 13 | Why Linux Security Matters |
| Module 14 | Linux Architecture for Security |
All hands-on labs run on Rocheston Rose X OS. Students practice linux incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for linux incident handling
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Execute hands-on tasks for learning objectives
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Linux Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI