Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
A Linux host's threat surface decomposes into: kernel (local privilege escalation, LPE), services (network-exposed daemons), users (credentials, shells), filesystem (DAC bypasses, SUID binaries), and the supply chain (packages, container images). Threat-modelling a host means walking each surface in turn and asking "what's the worst that fits an adversary's budget?".
Concrete: an internal DB host's threat surface is dominated by the DB daemon (CVEs), SSH (credentials), the data volume (encrypted at rest?), and SUID binaries (sudo and its sudoers policy, polkit). Five threats, five controls; everything else is a variation on those.
Use these three prompts in order; each builds on the one before.
In one paragraph, list the five threat surfaces of a Linux host.
Walk me through threat-modelling a database host step by step.
Design threat-modelling automation: produce a fresh model from a host's actual config.
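The surface walk described above, and the automation the third prompt asks for, as an added example that is not part of the original lesson: a small Python script that takes a host inventory and applies one rule set per surface (kernel, services, users, filesystem, supply chain), producing findings ranked worst-first and the single worst finding per surface. The inventory dict is constructed sample data standing in for what you would gather with `uname -r`, `ss -tlnp`, `getent passwd`, `find / -perm -4000` and the package manager; all paths, ports, version strings, thresholds and control wording are illustrative assumptions, not values from any real host.

```python
"""Added example (not from the original lesson): build a Linux host threat model
from inventory facts, one rule set per surface. All data below is CONSTRUCTED."""
from dataclasses import dataclass

SURFACES = ("kernel", "services", "users", "filesystem", "supply_chain")

# SUID binaries a stock distro ships (assumed baseline); anything else needs a justification.
EXPECTED_SUID = {"/usr/bin/sudo", "/usr/bin/pkexec", "/usr/bin/passwd",
                 "/usr/bin/su", "/usr/bin/mount", "/usr/bin/umount"}


@dataclass(frozen=True)
class Finding:
    surface: str
    asset: str
    threat: str
    severity: int  # 1 (informational) .. 5 (critical)
    control: str


# Constructed inventory for a hypothetical internal database host.
SAMPLE_INVENTORY = {
    "kernel": {"release": "5.15.0-generic", "days_since_boot": 400},
    "listening": [
        {"port": 22, "bind": "0.0.0.0", "proc": "sshd"},
        {"port": 5432, "bind": "0.0.0.0", "proc": "postgres"},
        {"port": 9100, "bind": "127.0.0.1", "proc": "node_exporter"},
    ],
    "users": [
        {"name": "root", "shell": "/bin/bash", "password_auth": False},
        {"name": "dba", "shell": "/bin/bash", "password_auth": True},
        {"name": "postgres", "shell": "/usr/sbin/nologin", "password_auth": False},
    ],
    "suid": ["/usr/bin/sudo", "/usr/bin/pkexec", "/usr/bin/passwd", "/opt/tools/legacy-helper"],
    "volumes": [{"mount": "/var/lib/postgresql", "encrypted": False}],
    "packages": {"plain_http_repos": ["http://mirror.internal/extra"], "pending_security_updates": 3},
}


def model_kernel(inv):
    k = inv["kernel"]
    if k["days_since_boot"] > 90:  # assumed threshold: running kernel predates recent LPE fixes
        return [Finding("kernel", k["release"], "long-running kernel unlikely to carry recent LPE fixes", 4,
                        "reboot into the current kernel or apply livepatches; track uptime")]
    return []


def model_services(inv):
    out = []
    for s in inv["listening"]:
        asset = f"{s['proc']}:{s['port']}"
        if s["bind"] in ("127.0.0.1", "::1"):
            out.append(Finding("services", asset, "loopback-only listener", 1, "routine patching only"))
        elif s["proc"] == "sshd":
            out.append(Finding("services", asset, "remote authentication surface (credential attacks)", 3,
                               "key-only auth, source-IP allowlist, lockout on repeated failures"))
        else:
            out.append(Finding("services", asset, "daemon reachable from any network peer (daemon CVEs)", 5,
                               "bind to the app subnet or loopback, firewall, TLS, fixed patch cadence"))
    return out


def model_users(inv):
    return [Finding("users", u["name"], "interactive account accepting passwords (guessing, reuse)", 3,
                    "disable password auth; require keys plus MFA")
            for u in inv["users"] if u["password_auth"] and not u["shell"].endswith("nologin")]


def model_filesystem(inv):
    out = []
    for path in inv["suid"]:
        if path in EXPECTED_SUID:
            out.append(Finding("filesystem", path, "stock SUID helper (privilege boundary)", 2,
                               "keep patched; tighten sudoers; remove pkexec if unused"))
        else:
            out.append(Finding("filesystem", path, "unexpected SUID binary (DAC bypass risk)", 4,
                               "strip the SUID bit, or record a justification and an owner"))
    for v in inv["volumes"]:
        if not v["encrypted"]:
            out.append(Finding("filesystem", v["mount"], "data readable if the media is lost or cloned", 3,
                               "encrypt at rest (LUKS or volume-level encryption)"))
    return out


def model_supply_chain(inv):
    p = inv["packages"]
    out = [Finding("supply_chain", repo, "package source fetched over plain HTTP", 4,
                   "switch to HTTPS and verify the repository signing key") for repo in p["plain_http_repos"]]
    if p["pending_security_updates"]:
        out.append(Finding("supply_chain", "package manager", f"{p['pending_security_updates']} security updates pending",
                           3, "apply on a fixed cadence; alert when the backlog grows"))
    return out


def build_model(inv):
    """Walk every surface and return findings sorted worst-first."""
    findings = []
    for fn in (model_kernel, model_services, model_users, model_filesystem, model_supply_chain):
        findings.extend(fn(inv))
    return sorted(findings, key=lambda f: (-f.severity, f.surface, f.asset))


def worst_per_surface(findings):
    """Answer the 'what's the worst that fits' question once per surface."""
    worst = {}
    for f in findings:  # findings arrive worst-first, so the first hit per surface wins
        worst.setdefault(f.surface, f)
    return worst


if __name__ == "__main__":
    for f in build_model(SAMPLE_INVENTORY):
        print(f"[{f.severity}] {f.surface:<13} {f.asset:<26} {f.threat} -> {f.control}")
```

Run it as-is and the exposed PostgreSQL listener ranks first, followed by the stale kernel, the unexpected SUID helper and the plain-HTTP repository, which is the "five threats, five controls" shape the lesson describes. Replacing `SAMPLE_INVENTORY` with output collected from a real host turns the same rule sets into the fresh model the third prompt asks for; the thresholds and baseline set are the parts to tune for your estate.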