Vertical CSS Menu Generator Css3Menu.com

 



Price: Subscription Includes ALL LinuxCBT | UnixCBT Content
Subscription Terms: 1-Month | 3-Month | 6-Month | 12-Month
License: Single-User (Default)
Multiple Licenses: Select During Checkout
System Requirements: Web Browser with HTML5 | Flash support
User Agents: Chrome | Safari | Firefox | IE | Opera
Mobile | Tablet Platforms: IOS | Droid
Duration: 10 hours
Demos: Launch

LinuxCBT SELinux Edition encompasses: 1. SELinux Security.

LinuxCBT SELinux Edition is unparalleled in content, depth and expertise. It entails 11-hours, or over 1-day of classroom training. LinuxCBT SELinux Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Let LinuxCBT SELinux Edition cost-effectively sharpen your GNU/Linux & Open Source Security skills!

Recommended Prerequisites for:

  • Any LinuxCBT Operating System Course (Classic/EL-4|5/SUSE/Debian Editions)
    • Open mind & determination to master Linux and related open-source applications
    • Basic understanding of networking concepts
    • Access to a PC to follow the exercises

SELinux Security - Module IV

  • Access Control Models
    • Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
    • Explain features & shortcomings of Discretionary Access Control (DAC) models
    • Identify key DAC-based utilities
    • Discuss the advantages & caveats of Mandatory Access Control (MAC)models
    • Explore DAC-based programs
  • SELinux - Basics
    • Discuss subjectsobjects
    • Explain how SELinux is implemented in 2.6.x-based kernels
    • Confirm SELinux support in the kernel
    • Identify key SELinux packages
    • Use sestatus to obtain the current SELinux mode
    • Discuss subject & object labeling
    • Describe the 3 SELinux operating modes
    • Identify key utilities & files, which dictate the current SELinux operating mode
    • Focus on the features of SELinux permissive mode
    • Explore the boot process as it relates to SELinux

  • SELinux - Object Labeling
    • Discuss subject & object labeling
    • Discuss the role of extended attributes (XATTRs)
    • Expose the labels of specific objects
    • Alter the lables of specific objects
    • Configure SELinux to automatically label objects per security policy
    • Reset the system and confirm labels on altered objects
    • Explain security tuples
    • Use fixfiles to restore object labels on running system per security policy
  • SELinux - Type Contexts - Security Labels Applied to Objects
    • Intro to object security tuples - security labels
    • Attempt to serve HTML content using Apache in SELinux enforcing mode
    • Identify problematic object security labels
    • Serve HTML content in SELinux permissive mode
    • Use chcon to alter object security labels
    • Switch to enforcing mode & confirm the ability to serve HTML content
    • Use restorecon to restore object security context (labels)
  • SELinux - Basic Commands - Type & Domain Exposition
    • ps - reveal subjects' security context (security label) - Domains
    • ls - reveal objects' security label - Types
    • cp - preserve/inherit security labels
    • mv - preserve security labels
    • id - expose subject security label
  • SELinux - Targeted Policy - Binary
    • Explain the Targeted Policy's features
    • Discuss policy transitions for domains
    • Compare & contrast confined & unconfined states
    • Exempt Apache daemon from the auspicies of the targeted policy's confined state
    • Evaluate results after exemption
    • Explain the security contexts applied to subjects & objects
    • Peruse key targeted binary policy files
    • Identify the daemons protected by the targeted policy
    • Discuss the unconfined_t domain - subject label
  • SELinux - Targeted Policy - Source
    • Install the targeted policy source files
    • Identify & discuss TE and FC files
    • Explore file_contexts - context definition for objects
    • Discuss the file context syntax
    • Explain the purpose of using run_init to initiate SELinux-protected daemons
    • Switch between permissive & enforcing modes and evaluate behavior
    • Peruse the key files in the targeted source policy
  • SELinux - Miscellaneous Utilities - Logging
    • Use tar to archive SELinux-protected objects
    • Confirm security labels on tar-archived objects
    • Use the tar substitute 'star' to archive extended attributes(XATTRs)
    • Confirm security labels on star-archived objects
    • Discuss the role of the AVC
    • Examine SELinux logs - /var/log/messages
    • Alter Syslog configuration to route SELinux messages to an ideal location
    • Use SETools, shell-based programs to output real-time statistics
    • Install & use SEAudit graphical SELinux log-management tool
  • SELinux - RedHat® Enterprise 5.x - Exploration
    • Explore configuration & key utilities
    • Transition from 'disabled' to 'permissive' mode
    • Focus on Apache web server behavior
    • Enable UserDir functionality & test content access
    • Transition to 'enforcing' mode
    • Examine Apache behvavior in restricted environment
    • Adjust SELinux directives
    • Evaluate results
  • SELinux - Network Ports - Service Restrictions
    • Explore standard behavior
    • Configure new application bindings
    • Examine SELinux intervention
    • Rectify SELinux configuration for multiple services
    • Evaluate results
  • top





Copyright © LinuxCBT.com. 2003-2012 - All Rights Reserved - Home | Demos | Privacy | Site Map | Sign-In | RSS Twitter
Linux is a registered trademark of Linus Torvalds.
All brands, products or company names are trademarks or registered trademarks of their respective companies.
 

UnixCBT BSD8x Edition Released
(more)
RSS Twitter
Accenture
AccuWeather
Actel
AIG
Akamai
Alcatel
Alliant Energy
ARRIS
Assurant
AutoDesk
Avocent
Bechtel Corp
Bentley College
Blue Man Group
BNP Paribas
Cadence
CalState PolyTech
CALTECH
Canada Space Agency
Cisco Systems
Computer Sciences
Continental Airlines
CNET
Chrysler
Double-Take
Dublin AA
DisplayTech
Dept. of Labor
DELL
DISA.GOV
Duke B. School
Duke Energy
EMC
ENTRUST
FBI.GOV
FH Cancer Research
Fuji Film Canada
Georgia Lottery
GIA.edu
Good Year
Google
GTECH
Hewlett Packard
Ingersoll Rand
Iowa State U.
ISAGENIX
JP Morgan Chase
L-3 Communications
Liz Claiborne
Louisville Tech
Maui HPCC
McGill University
Methodist University
Mt. Sinai Medical
NASA - JPL
NATS
NAVY
NICHIA Corp
NIH
NLN
NOAA
NOKIA
Northrop Grumman
NORTEL
Ontario Power Gen.
Park Nicollet
PA State Senate
Phelps Dodge
Piper Jaffray
RackSpace UK
Raytheon
REUTERS
ROGERS
SAIC
SafeNet, Inc.
Sanofi-Aventis
Sarah Lawrence
Seton Hall
SGI
Simon & Schuster
SLCC.EDU
Smiths Aerospace
Sony DADC
Spectra Labs
Symantec
TD Ameritrade
Texas Instruments
The Open University
United Nations
UC Irvine
UCLA
UC San Francisco
UC Santa Cruz
U. of Afghanistan
Univ. of Alaska
Univ. of Colorado
University of Iowa
Univ. of Louisville
Univ. of Maryland
Univ. of New Haven
University of Oslo
UMass Med School
Unilever
Unisys
World Bank