
SELinux System Administration

Book information

Author: Sven Vermeulen
Publisher: Packt Publishing
ISBN: 9781783283187
Publication date: 2013-09-24
Word count: 887,000
Category: Imported books, Foreign-language originals, Computers, Networking

Description

A step-by-step guide to securing Linux servers by taking SELinux policies into your own hands. Linux administrators will appreciate the range of SELinux features this book covers and the approach it uses to guide the admin towards understanding how SELinux works. The book assumes basic knowledge of Linux administration, especially Linux permissions and user management.

Table of contents

SELinux System Administration

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Fundamental SELinux Concepts

Providing more security to Linux

Linux security modules to the rescue

SELinux versus regular DAC

Restricting root privileges

Enabling SELinux – not just a switch

Everything gets a label

The context fields

SELinux types

SELinux roles

SELinux users

Sensitivity labels

Policies – the ultimate dictators

SELinux policy store names and options

MLS status

Dealing with unknown permissions

Supporting unconfined domains

User-based access control

Policies across distributions

MCS versus MLS

Policy binaries

SELinux policy modules

Summary

2. Understanding SELinux Decisions and Logging

Disabling SELinux

SELinux on, SELinux off

Switching to permissive (or enforcing) temporarily

Using kernel boot parameters

Disabling SELinux protections for a single service

Applications that "speak" SELinux

SELinux logging and auditing

Configuring SELinux' log destination

Reading SELinux denials

Uncovering more denials

Getting help with denials

setroubleshoot to the rescue

Using audit2why

Using common sense

Summary

3. Managing User Logins

So, who am I?

The rationale behind unconfined

SELinux users and roles

We all are one SELinux user

Creating additional users

Limiting access based on confidentiality

Jumping from one role to another

Full role switching with newrole

Managing role access with sudo

Switching to the system role

The runcon user application

Getting in the right context

Context switching during authentication

Application-based contexts

Summary

4. Process Domains and File-level Access Controls

Reading and changing file contexts

Getting context information

Working with context expressions

Setting context information

Using customizable types

Inheriting the context

Placing categories on files and directories

The context of a process

Transitioning towards a domain

Other supported transitions

Working with mod_selinux

Dealing with types, permissions, and constraints

Type attributes

Querying domain permissions

Understanding constraints

Summary

5. Controlling Network Communications

TCP and UDP support

Labeling ports

Integrating with Linux netfilter

Packet labeling through netfilter

Assigning labels to packets

Differentiating between server and client communication

Introducing labeled networking

Common labeling approach

Limiting flows based on the network interface

Accepting communication from selected hosts

Verifying peer-to-peer flow

Example – labeled IPSec

Setting up regular IPSec

Enabling labeled IPSec

About NetLabel/CIPSO

Summary

6. Working with SELinux Policies

Manipulating SELinux policies

Overview of SELinux Booleans

Changing Boolean values

Inspecting the impact of a Boolean

Enhancing SELinux policies

Handling SELinux policy modules

Troubleshooting using audit2allow

Using refpolicy macros

Using selocal

Creating our own modules

Building native modules

Building reference policy modules

Creating roles and user domains

The pgsql_admin role and user

Creating the user rights

Shell access

Creating new application domains

An example application domain

Creating interfaces

Other uses of policy enhancements

Creating customized SECMARK types

Using different interfaces and nodes

Auditing access attempts

Creating customizable types

Summary

Index