Linux Account Hardening Techniques (XK0-006)
This lab aligns to the following CompTIA Linux+ (XK0-006) exam objectives:
- 3.4: Explain account hardening techniques and best practices.
- 5.4: Given a scenario, analyze and troubleshoot security issues on a Linux system.
By the end of this lab, you will be able to:
- Enforce strong password complexity policies using the
pam_pwqualitymodule. - Configure MFA for local Linux accounts using Google Authenticator.
- Identify compromised passwords by checking against known breach lists.
- Restrict user capabilities by applying restricted shells to limit available commands.
Overview
Welcome to the Linux Account Hardening Techniques lab. In this lab, you will implement multiple account security controls to strengthen the posture of user accounts on an Ubuntu system. You will work with common authentication and account security scenarios, including weak credentials, account lockout risks, and exposure from compromised passwords.
You will configure password complexity and retry limits using PAM, set up multifactor authentication using the Google Authenticator PAM module, and verify whether a password has been exposed in known breach databases. You will also restrict a user account to a limited set of commands using a restricted shell to reduce the impact of unauthorized access.
By the end of this lab, you will be able to apply account hardening techniques used in real-world Linux security deployments to protect authentication processes, enforce access controls, and support overall system integrity.
In this lab, you will complete the following two activities:
- Reading Assignment – Linux Account Hardening and Security Issues
- Exercise 1 – Implementing Account Hardening Techniques
Click Next to continue.