Book Image

SELinux System Administration

By : Sven Vermeulen
Book Image

SELinux System Administration

By: Sven Vermeulen

Overview of this book

NSA Security-Enhanced Linux (SELinux) is a set of patches and added utilities to the Linux kernel to incorporate a strong, flexible, mandatory access control architecture into the major subsystems of the kernel. With its fine-grained yet flexible approach, it is no wonder Linux distributions are firing up SELinux as a default security measure. SELinux System Administration covers the majority of SELinux features through a mix of real-life scenarios, descriptions, and examples. Everything an administrator needs to further tune SELinux to suit their needs are present in this book. This book touches on various SELinux topics, guiding you through the configuration of SELinux contexts, definitions, and the assignment of SELinux roles, and finishes up with policy enhancements. All of SELinux's configuration handles, be they conditional policies, constraints, policy types, or audit capabilities, are covered in this book with genuine examples that administrators might come across. By the end, SELinux System Administration will have taught you how to configure your Linux system to be more secure, powered by a formidable mandatory access control.

Related Content you might be interested in

Current Title:

Small book image
SELinux System Administration
Sven Vermeulen
Sep, 2013 | 120 pages
No titles found
Table of Contents (13 chapters)
SELinux System Administration
SELinux System Administration
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Fundamental SELinux Concepts
Fundamental SELinux Concepts
Providing more security to Linux
Everything gets a label
Policies – the ultimate dictators
Summary
2
Understanding SELinux Decisions and Logging
Understanding SELinux Decisions and Logging
Disabling SELinux
SELinux on, SELinux off
SELinux logging and auditing
Summary
3
Managing User Logins
Managing User Logins
So, who am I?
SELinux users and roles
Jumping from one role to another
Getting in the right context
Summary
4
Process Domains and File-level Access Controls
Process Domains and File-level Access Controls
Reading and changing file contexts
The context of a process
Dealing with types, permissions, and constraints
Summary
5
Controlling Network Communications
Controlling Network Communications
TCP and UDP support
Integrating with Linux netfilter
Introducing labeled networking
Summary
6
Working with SELinux Policies
Working with SELinux Policies
Manipulating SELinux policies
Enhancing SELinux policies
Creating our own modules
Creating roles and user domains
Creating new application domains
Other uses of policy enhancements
Summary
Index
Index

Summary

SELinux maps Linux users onto SELinux users and defines the roles that a user is allowed to be in through the SELinux user definitions. We learned how to manage those mappings and the SELinux users with the semanage application and were able to grant the right roles to the right people.

We also saw how the same commands are used to grant proper sensitivity to the user and how we can describe these levels in the setrans.conf file. We used the chcat tool to do most of the category-related management activities.

After assigning roles to the users, we saw how to jump from one role to another using newrole, sudo, runcon, and run_init. We ended this chapter with the important insight on how SELinux integrates in the Linux authentication process and how it implements application-specific contexts.

In the next chapter, we will learn to manage the labels on files and processes and see how we can query the SELinux policy rules.

Previous Section
End of Chapter 3
Next Chapter