Szczegóły ebooka

SELinux System Administration. With a command of SELinux you can enjoy watertight security on your Linux servers. This guide shows you how through examples taken from real-life situations, giving you a good grounding in all the available features

SELinux System Administration. With a command of SELinux you can enjoy watertight security on your Linux servers. This guide shows you how through examples taken from real-life situations, giving you a good grounding in all the available features

Sven Vermeulen

Ebook
NSA Security-Enhanced Linux (SELinux) is a set of patches and added utilities to the Linux kernel to incorporate a strong, flexible, mandatory access control architecture into the major subsystems of the kernel. With its fine-grained yet flexible approach, it is no wonder Linux distributions are firing up SELinux as a default security measure.

SELinux System Administration covers the majority of SELinux features through a mix of real-life scenarios, descriptions, and examples. Everything an administrator needs to further tune SELinux to suit their needs are present in this book.

This book touches on various SELinux topics, guiding you through the configuration of SELinux contexts, definitions, and the assignment of SELinux roles, and finishes up with policy enhancements. All of SELinux's configuration handles, be they conditional policies, constraints, policy types, or audit capabilities, are covered in this book with genuine examples that administrators might come across.

By the end, SELinux System Administration will have taught you how to configure your Linux system to be more secure, powered by a formidable mandatory access control.
  • SELinux System Administration
    • Table of Contents
    • SELinux System Administration
    • Credits
    • About the Author
    • About the Reviewers
    • www.PacktPub.com
      • Support files, eBooks, discount offers and more
      • Why Subscribe?
      • Free Access for Packt account holders
    • Preface
      • What this book covers
      • Who this book is for
      • Conventions
      • Reader feedback
      • Customer support
        • Downloading the example code
        • Errata
        • Piracy
        • Questions
    • 1. Fundamental SELinux Concepts
      • Providing more security to Linux
        • Linux security modules to the rescue
        • SELinux versus regular DAC
          • Restricting root privileges
        • Enabling SELinux not just a switch
      • Everything gets a label
        • The context fields
          • SELinux types
          • SELinux roles
          • SELinux users
          • Sensitivity labels
      • Policies the ultimate dictators
        • SELinux policy store names and options
          • MLS status
          • Dealing with unknown permissions
          • Supporting unconfined domains
          • User-based access control
        • Policies across distributions
          • MCS versus MLS
          • Policy binaries
            • SELinux policy modules
      • Summary
    • 2. Understanding SELinux Decisions and Logging
      • Disabling SELinux
      • SELinux on, SELinux off
        • Switching to permissive (or enforcing) temporarily
        • Using kernel boot parameters
        • Disabling SELinux protections for a single service
        • Applications that "speak" SELinux
      • SELinux logging and auditing
        • Configuring SELinux log destination
        • Reading SELinux denials
        • Uncovering more denials
        • Getting help with denials
          • setroubleshoot to the rescue
          • Using audit2why
          • Using common sense
      • Summary
    • 3. Managing User Logins
      • So, who am I?
        • The rationale behind unconfined
      • SELinux users and roles
        • We all are one SELinux user
        • Creating additional users
        • Limiting access based on confidentiality
      • Jumping from one role to another
        • Full role switching with newrole
        • Managing role access with sudo
        • Switching to the system role
        • The runcon user application
      • Getting in the right context
        • Context switching during authentication
        • Application-based contexts
      • Summary
    • 4. Process Domains and File-level Access Controls
      • Reading and changing file contexts
        • Getting context information
        • Working with context expressions
        • Setting context information
        • Using customizable types
        • Inheriting the context
        • Placing categories on files and directories
      • The context of a process
        • Transitioning towards a domain
        • Other supported transitions
        • Working with mod_selinux
      • Dealing with types, permissions, and constraints
        • Type attributes
        • Querying domain permissions
        • Understanding constraints
      • Summary
    • 5. Controlling Network Communications
      • TCP and UDP support
        • Labeling ports
      • Integrating with Linux netfilter
        • Packet labeling through netfilter
        • Assigning labels to packets
        • Differentiating between server and client communication
      • Introducing labeled networking
        • Common labeling approach
          • Limiting flows based on the network interface
          • Accepting communication from selected hosts
          • Verifying peer-to-peer flow
        • Example labeled IPSec
          • Setting up regular IPSec
          • Enabling labeled IPSec
        • About NetLabel/CIPSO
      • Summary
    • 6. Working with SELinux Policies
      • Manipulating SELinux policies
        • Overview of SELinux Booleans
        • Changing Boolean values
        • Inspecting the impact of Boolean
      • Enhancing SELinux policies
        • Handling SELinux policy modules
        • Troubleshooting using audit2allow
        • Using refpolicy macros
        • Using selocal
      • Creating our own modules
        • Building native modules
        • Building reference policy modules
      • Creating roles and user domains
        • The pgsql_admin role and user
          • Creating the user rights
          • Shell access
      • Creating new application domains
        • An example application domain
        • Creating interfaces
      • Other uses of policy enhancements
        • Creating customized SECMARK types
        • Using different interfaces and nodes
        • Auditing access attempts
        • Creating customizable types
      • Summary
    • Index
  • Tytuł: SELinux System Administration. With a command of SELinux you can enjoy watertight security on your Linux servers. This guide shows you how through examples taken from real-life situations, giving you a good grounding in all the available features
  • Autor: Sven Vermeulen
  • Tytuł oryginału: SELinux System Administration. With a command of SELinux you can enjoy watertight security on your Linux servers. This guide shows you how through examples taken from real-life situations, giving you a good grounding in all the available features.
  • ISBN: 9781783283187, 9781783283187
  • Data wydania: 2013-09-24
  • Format: Ebook
  • Identyfikator pozycji: e_3cen
  • Wydawca: Packt Publishing