SELinux by Example: Using Security Enhanced Linux
SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
EAN: 2147483647
Year: 2007
Pages: 154
Pages: 154
- SELinux by Example: Using Security Enhanced Linux
- Table of Contents
- Copyright
- Prentice Hall Open Source Software Development Series
- Acknowledgments
- About the Authors
- Preface
- Part I: SELinux Overview
- Chapter 1. Background
- Section 1.1. The Inevitability of Software Failure
- Section 1.2. The Evolution of Access Control Security in Operating Systems
- Section 1.3. Summary
- Exercises
- Chapter 2. Concepts
- Section 2.1. Security Contexts for Type Enforcement
- Section 2.2. Type Enforcement Access Control
- Section 2.3. The Role of Roles
- Section 2.4. Multilevel Security in SELinux
- Section 2.5. SELinux Features Familiarization
- Section 2.6. Summary
- Exercises
- Chapter 3. Architecture
- Section 3.1. The Kernel Architecture
- Section 3.2. Userspace Object Managers
- Section 3.3. SELinux Policy Language
- Section 3.4. Summary
- Exercises
- Part II: SELinux Policy Language
- Chapter 4. Object Classes and Permissions
- Section 4.1. Purpose of Object Classes in SELinux
- Section 4.2. Defining Object Classes in SELinux Policy
- Section 4.3. Available Object Classes
- Section 4.4. Object Class Permission Examples
- Section 4.5. Exploring Object Classes with Apol
- Section 4.6. Summary
- Exercises
- Chapter 5. Type Enforcement
- Section 5.1. Type Enforcement
- Section 5.2. Types, Attributes, and Aliases
- Section 5.3. Access Vector Rules
- Section 5.4. Type Rules
- Section 5.5. Exploring Type Enforcement Rules with Apol
- Section 5.6. Summary
- Exercises
- Chapter 6. Roles and Users
- Section 6.1. Role-Based Access Control in SELinux
- Section 6.2. Roles and Role Statements
- Section 6.3. Users and User Statements
- Section 6.4. Exploring Roles and Users with Apol
- Section 6.5. Summary
- Exercises
- Chapter 7. Constraints
- Section 7.1. A Closer Look at the Access Decision Algorithm
- Section 7.2. Constrain Statement
- Section 7.3. Label Transition Constraints
- Section 7.4. Summary
- Exercises
- Chapter 8. Multilevel Security
- Section 8.1. Multilevel Security Constraints
- Section 8.2. Security Contexts with MLS
- Section 8.3. MLS Constraints
- Section 8.4. Other Impacts of MLS
- Section 8.5. Summary
- Exercises
- Chapter 9. Conditional Policies
- Section 9.1. Overview of Conditional Policies
- Section 9.2. Boolean Variables
- Section 9.3. Conditional Statements
- Section 9.4. Examining Booleans and Conditional Policies with Apol
- Section 9.5. Summary
- Exercises
- Chapter 10. Object Labeling
- Section 10.1. Introduction to Object Labeling
- Section 10.2. File-Related Object Labeling
- Section 10.3. Network and Socket Object Labeling
- Section 10.4. System V IPC
- Section 10.5. Miscellaneous Object Labeling
- Section 10.6. Initial Security Identifiers
- Section 10.7. Exploring Object Labeling with Apol
- Section 10.8. Summary
- Exercises
- Part III: Creating and Writing SELinux Security Policies
- Chapter 11. Original Example Policy
- Section 11.1. Methods for Managing the Build Process
- Section 11.2. Strict Example Policy
- Section 11.3. Targeted Example Policy
- Section 11.4. Summary
- Exercises
- Chapter 12. Reference Policy
- Section 12.1. Goals of the Reference Policy
- Section 12.2. Overview of Policy Source File Structure
- Section 12.3. Design Principles
- Section 12.4. Examining a Reference Policy Module
- Section 12.5. Build Options for Reference Policy
- Section 12.6. Summary
- Exercises
- Chapter 13. Managing an SELinux System
- Section 13.1. SELinux Configuration and Policy Management Files
- Section 13.2. Impact of SELinux on System Administration
- Section 13.3. Summary
- Exercises
- Chapter 14. Writing Policy Modules
- Section 14.1. Overview of Writing a Policy Module
- Section 14.2. Preparation and Planning
- Section 14.3. Creating an Initial Policy Module
- Section 14.4. Testing and Analyzing the Policy
- Section 14.5. Emerging Policy Development Tools
- Section 14.6. Complete IRC Daemon Module Listings
- Section 14.7. Summary
- Appendix A. Obtaining SELinux Sample Policies
- Section A.1. Example Policy
- Section A.2. Reference Policy
- Appendix B. Participation and Further Information
- Section B.1. The SELinux Mail List
- Section B.2. The Annual SELinux Symposium
- Section B.3. The NSA The
- Section B.4. Tresys Technology
- Section B.5. Open Source Projects
- Section B.6. The SELinux IRC Channel
- Section B.7. The Fedora Core Site
- Section B.8. Hardened Gentoo
- Section B.9. Other Related Security Information
- Appendix C. Object Classes and Permissions
- Section C.1. Common Permission Sets
- Section C.2. Object Classes and Defined Permission Sets
- Appendix D. SELinux Commands and Utilities
- Section D.1. System Utilities
- Section D.2. SETools Suite
- Section D.3. Other SELinux Tools
- Index
- SYMBOL
- A
- B
- C
- D
- E
- F
- G
- H
- I
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
EAN: 2147483647
Year: 2007
Pages: 154
Pages: 154