LinuxCBT SELinux Edition encompasses: 1. SELinux Security.
LinuxCBT SELinux Edition is unparalleled in content, depth and expertise. It entails 11-hours, or over 1-day of classroom training. LinuxCBT SELinux Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.
Let LinuxCBT SELinux Edition cost-effectively sharpen your GNU/Linux & Open Source Security skills!
Recommended Prerequisites for:
- Any LinuxCBT Operating System Course (Classic/EL-4|5/SUSE/Debian Editions)
- Open mind & determination to master Linux and related open-source applications
- Basic understanding of networking concepts
- Access to a PC to follow the exercises
SELinux Security - Module IV
- Access Control Models
- Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
- Explain features & shortcomings of Discretionary Access Control (DAC) models
- Identify key DAC-based utilities
- Discuss the advantages & caveats of Mandatory Access Control (MAC)models
- Explore DAC-based programs
- SELinux - Basics
- Discuss subjects & objects
- Explain how SELinux is implemented in 2.6.x-based kernels
- Confirm SELinux support in the kernel
- Identify key SELinux packages
- Use sestatus to obtain the current SELinux mode
- Discuss subject & object labeling
- Describe the 3 SELinux operating modes
- Identify key utilities & files, which dictate the current SELinux operating mode
- Focus on the features of SELinux permissive mode
- Explore the boot process as it relates to SELinux
- SELinux - Object Labeling
- Discuss subject & object labeling
- Discuss the role of extended attributes (XATTRs)
- Expose the labels of specific objects
- Alter the lables of specific objects
- Configure SELinux to automatically label objects per security policy
- Reset the system and confirm labels on altered objects
- Explain security tuples
- Use fixfiles to restore object labels on running system per security policy
- SELinux - Type Contexts - Security Labels Applied to Objects
- Intro to object security tuples - security labels
- Attempt to serve HTML content using Apache in SELinux enforcing mode
- Identify problematic object security labels
- Serve HTML content in SELinux permissive mode
- Use chcon to alter object security labels
- Switch to enforcing mode & confirm the ability to serve HTML content
- Use restorecon to restore object security context (labels)
- SELinux - Basic Commands - Type & Domain Exposition
- ps - reveal subjects' security context (security label) - Domains
- ls - reveal objects' security label - Types
- cp - preserve/inherit security labels
- mv - preserve security labels
- id - expose subject security label
- SELinux - Targeted Policy - Binary
- Explain the Targeted Policy's features
- Discuss policy transitions for domains
- Compare & contrast confined & unconfined states
- Exempt Apache daemon from the auspicies of the targeted policy's confined state
- Evaluate results after exemption
- Explain the security contexts applied to subjects & objects
- Peruse key targeted binary policy files
- Identify the daemons protected by the targeted policy
- Discuss the unconfined_t domain - subject label
- SELinux - Targeted Policy - Source
- Install the targeted policy source files
- Identify & discuss TE and FC files
- Explore file_contexts - context definition for objects
- Discuss the file context syntax
- Explain the purpose of using run_init to initiate SELinux-protected daemons
- Switch between permissive & enforcing modes and evaluate behavior
- Peruse the key files in the targeted source policy
- SELinux - Miscellaneous Utilities - Logging
- Use tar to archive SELinux-protected objects
- Confirm security labels on tar-archived objects
- Use the tar substitute 'star' to archive extended attributes(XATTRs)
- Confirm security labels on star-archived objects
- Discuss the role of the AVC
- Examine SELinux logs - /var/log/messages
- Alter Syslog configuration to route SELinux messages to an ideal location
- Use SETools, shell-based programs to output real-time statistics
- Install & use SEAudit graphical SELinux log-management tool
- SELinux - RedHat® Enterprise 5.x - Exploration
- Explore configuration & key utilities
- Transition from 'disabled' to 'permissive' mode
- Focus on Apache web server behavior
- Enable UserDir functionality & test content access
- Transition to 'enforcing' mode
- Examine Apache behvavior in restricted environment
- Adjust SELinux directives
- Evaluate results
- top
|
