Book Description
A comprehensive guide to walk you through SELinux access controls
Overview
- Use SELinux to further control network communications
- Enhance your system’s security through SELinux access controls
- Set up SELinux roles, users and their sensitivity levels
In Detail
NSA Security-Enhanced Linux (SELinux) is a set of patches and added utilities to the Linux kernel to incorporate a strong, flexible, mandatory access control architecture into the major subsystems of the kernel. With its fine-grained yet flexible approach, it is no wonder Linux distributions are firing up SELinux as a default security measure.
SELinux System Administration covers the majority of SELinux features through a mix of real-life scenarios, descriptions, and examples. Everything an administrator needs to further tune SELinux to suit their needs are present in this book.
This book touches on various SELinux topics, guiding you through the configuration of SELinux contexts, definitions, and the assignment of SELinux roles, and finishes up with policy enhancements. All of SELinux’s configuration handles, be they conditional policies, constraints, policy types, or audit capabilities, are covered in this book with genuine examples that administrators might come across.
By the end, SELinux System Administration will have taught you how to configure your Linux system to be more secure, powered by a formidable mandatory access control.
What you will learn from this book
- Enable and disable features selectively or even enforce them to a granular level
- Interpret SELinux logging to make security-conscious decisions
- Assign new contexts and sensitivity labels to files and other resources
- Work with mod_selinux to secure web applications
- Use tools like sudo, runcon, and newrole to switch roles and run privileged commands in a safe environment
- Use iptables to assign labels to network packets
- Configure IPSec and NetLabel to transport SELinux contexts over the wire
- Build your own SELinux policies using reference policy interfaces
Approach
A step-by-step guide to learn how to set up security on Linux servers by taking SELinux policies into your own hands.
Who this book is written for
Linux administrators will enjoy the various SELinux features that this book covers and the approach used to guide the admin into understanding how SELinux works. The book assumes that you have basic knowledge in Linux administration, especially Linux permission and user management.
Table of Contents
Chapter 1: Fundamental SELinux Concepts
Chapter 2: Understanding SELinux Decisions and Logging
Chapter 3: Managing User Logins
Chapter 4: Process Domains and File-level Access Controls
Chapter 5: Controlling Network Communications
Chapter 6: Working with SELinux Policies
中文:
书名:SELinux System Administration
指导您完成SELinux访问控制的全面指南
Overview
- 使用SELinux进一步控制网络通信
- 通过SELinux访问控制增强系统的安全性
- 设置SELinux角色、用户及其敏感度级别
In Detail
NSA安全增强Linux(SELinux)是Linux内核的一组补丁和添加的实用程序,用于将强大、灵活、强制的访问控制体系结构整合到内核的主要子系统中。凭借其细粒度而又灵活的方法,难怪Linux发行版将SELinux作为默认的安全措施。
SELinux系统管理通过一系列真实场景、描述和示例介绍了SELinux的大部分功能。管理员进一步调优SELinux以满足其需求所需的一切内容都在本书中提供。
本书涉及各种SELinux主题,指导您完成SELinux上下文的配置、定义和SELinux角色的分配,最后介绍策略增强。本书通过管理员可能遇到的真实示例介绍了SELinux的所有配置句柄,无论是条件策略、约束、策略类型还是审计功能。
到最后,SELinux系统管理将教会您如何配置您的Linux系统,使其在强大的强制访问控制的支持下更加安全。
你将从这本书中学到什么
- 有选择地启用和禁用功能,甚至精确地强制执行这些功能
- 解释SELinux日志以做出有安全意识的决策
- 为文件和其他资源分配新的上下文和敏感度标签
- 使用mod_selinux保护Web应用程序
- 使用sudo、runcon和newole等工具在安全的环境中切换角色并运行特权命令
- 使用iptable为网络数据包分配标签
- 配置IPSec和NetLabel以通过线路传输SELinux上下文
- 使用参考策略接口构建您自己的SELinux策略
Approach
本分步指南介绍如何通过掌握SELinux策略在Linux服务器上设置安全性。
这本书是为谁写的
Linux管理员将会喜欢本书介绍的各种SELinux功能,以及用来指导管理员理解SELinux工作原理的方法。本书假定您具有Linux管理的基本知识,特别是Linux权限和用户管理。
Table of Contents
第1章:SELinux的基本概念
第2章:了解SELinux决策和日志记录
第3章:管理用户登录
Chapter 4: Process Domains and File-level Access Controls
Chapter 5: Controlling Network Communications
第6章:使用SELinux策略
评论前必须登录!
注册