Book Image

Hands-On Linux Administration on Azure - Second Edition

By : Kamesh Ganesan, Rithin Skaria, Frederik Vos
Book Image

Hands-On Linux Administration on Azure - Second Edition

By: Kamesh Ganesan, Rithin Skaria, Frederik Vos

Overview of this book

Thanks to its flexibility in delivering scalable cloud solutions, Microsoft Azure is a suitable platform for managing all your workloads. You can use it to implement Linux virtual machines and containers, and to create applications in open source languages with open APIs. This Linux administration book first takes you through the fundamentals of Linux and Azure to prepare you for the more advanced Linux features in later chapters. With the help of real-world examples, you’ll learn how to deploy virtual machines (VMs) in Azure, expand their capabilities, and manage them efficiently. You will manage containers and use them to run applications reliably, and in the concluding chapter, you'll explore troubleshooting techniques using a variety of open source tools. By the end of this book, you'll be proficient in administering Linux on Azure and leveraging the tools required for deployment.
Table of Contents (14 chapters)
13
Index

MAC

In MAC, a system limits access to specific resources depending on the authorization and sensitivity of the specific resource. It's more policy-based and is implemented using Linux Security Modules (LSM).

Security labels are at the heart of MAC. Every subject is given a level of security clearance (for example, secret or confidential) and each data object gets a security classification. For instance, a user with a security clearance level of confidential who is trying to retrieve a data object with a security classification of top secret is denied access, because their clearance is lower than the classification of the object.

Hence, it is quite obvious that you can use the MAC model mostly in those environments where confidentiality is of the utmost importance (government institutions, and so on).

SELinux and AppArmor are examples of MAC-based commercial systems.

LSM

LSM is a framework for providing an interface for adding MAC on top of DAC. This extra layer...