LinuxCBT SELinux Edition


Focus: Security Enhanced Linux
Subscription Terms: 1-Month | 3-Month | 6-Month | 12-Month
System Requirements: Browser | [HTML5] | Flash | JavaScript
User Agents: Chrome | Safari | Firefox | IE9+ | Opera
Mobile Platforms: Droid | IOS | Phones | Tablets | Phablets
Certificate of Completion: Auto-Generated
Payment Methods: Credit Card | PayPal | Purchase Order
Duration: 10 Hours

Course Objective

SELinux Security - Module IV

  • Access Control Models
    • Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
    • Explain features & shortcomings of Discretionary Access Control (DAC) models
    • Identify key DAC-based utilities
    • Discuss the advantages & caveats of Mandatory Access Control (MAC) models
    • Explore DAC-based programs
  • SELinux - Basics
    • Discuss subjects & objects
    • Explain how SELinux is implemented in 2.6.x-based kernels
    • Confirm SELinux support in the kernel
    • Identify key SELinux packages
    • Use sestatus to obtain the current SELinux mode
    • Discuss subject & object labeling
    • Describe the 3 SELinux operating modes
    • Identify key utilities & files, which dictate the current SELinux operating mode
    • Focus on the features of SELinux permissive mode
    • Explore the boot process as it relates to SELinux

  • SELinux - Object Labeling
    • Discuss subject & object labeling
    • Discuss the role of extended attributes (XATTRs)
    • Expose the labels of specific objects
    • Alter the labels of specific objects
    • Configure SELinux to automatically label objects per security policy
    • Reset the system and confirm labels on altered objects
    • Explain security tuples
    • Use fixfiles to restore object labels on a running system per security policy
  • SELinux - Type Contexts - Security Labels Applied to Objects
    • Intro to object security tuples - security labels
    • Attempt to serve HTML content using Apache in SELinux enforcing mode
    • Identify problematic object security labels
    • Serve HTML content in SELinux permissive mode
    • Use chcon to alter object security labels
    • Switch to enforcing mode & confirm the ability to serve HTML content
    • Use restorecon to restore object security context (labels)
  • SELinux - Basic Commands - Type & Domain Exposition
    • ps - reveal subjects' security context (security label) - Domains
    • ls - reveal objects' security label - Types
    • cp - preserve/inherit security labels
    • mv - preserve security labels
    • id - expose subject security label
  • SELinux - Targeted Policy - Binary
    • Explain the Targeted Policy's features
    • Discuss policy transitions for domains
    • Compare & contrast confined & unconfined states
    • Exempt the Apache daemon from the auspices of the targeted policy's confined state
    • Evaluate results after exemption
    • Explain the security contexts applied to subjects & objects
    • Peruse key targeted binary policy files
    • Identify the daemons protected by the targeted policy
    • Discuss the unconfined_t domain - subject label
  • SELinux - Targeted Policy - Source
    • Install the targeted policy source files
    • Identify & discuss TE and FC files
    • Explore file_contexts - context definition for objects
    • Discuss the file context syntax
    • Explain the purpose of using run_init to initiate SELinux-protected daemons
    • Switch between permissive & enforcing modes and evaluate behavior
    • Peruse the key files in the targeted source policy
  • SELinux - Miscellaneous Utilities - Logging
    • Use tar to archive SELinux-protected objects
    • Confirm security labels on tar-archived objects
    • Use the tar substitute 'star' to archive extended attributes (XATTRs)
    • Confirm security labels on star-archived objects
    • Discuss the role of the AVC
    • Examine SELinux logs - /var/log/messages
    • Alter Syslog configuration to route SELinux messages to an ideal location
    • Use SETools, shell-based programs to output real-time statistics
    • Install & use SEAudit graphical SELinux log-management tool
  • SELinux - RedHat® Enterprise 5.x - Exploration
    • Explore configuration & key utilities
    • Transition from 'disabled' to 'permissive' mode
    • Focus on Apache web server behavior
    • Enable UserDir functionality & test content access
    • Transition to 'enforcing' mode
    • Examine Apache behavior in restricted environment
    • Adjust SELinux directives
    • Evaluate results
  • SELinux - Network Ports - Service Restrictions
    • Explore standard behavior
    • Configure new application bindings
    • Examine SELinux intervention
    • Rectify SELinux configuration for multiple services
    • Evaluate results

Contact Us Today

 

+1 888.573.4943

+1 646.568.7192


Clients

  • AccuWeather
  • Actel
  • AIG
  • Alliant Energy
  • Assurant
  • AutoDesk
  • Avocent
  • Baptist Health Sys
  • Bechtel Corp
  • Bentley College
  • Blue Cross BS - MS
  • Blue Man Group
  • BNP Paribas
  • Cadence
  • CalState PolyTech
  • CALTECH
  • Canadian Forces
  • CNET
  • Computer Sciences
  • Continental Airlines
  • CPB.DHS.GOV
  • DELL
  • Dept. of Labor
  • DISA.GOV
  • DisplayTech
  • Double-Take
  • Dublin AA
  • Duke University
  • Embriq
  • FH Cancer Research
  • Fuji Film Canada
  • General Dynamics
  • Georgia Lottery
  • GIA.EDU
  • Good Year
  • Google
  • GTECH
  • Iowa State U.
  • ISAGENIX
  • Jet Propulsion Lab
  • JP Morgan Chase
  • KAUST
  • LANL.GOV
  • Liz Claiborne
  • Louisville Tech
  • Maui HPCC
  • McGill University
  • Methodist University
  • Micros
  • NATS
  • NICHIA Corp
  • NIH
  • NORDAM
  • NORTEL
  • Northrop Grumman
  • NTT Docomo
  • Ontario Power Gen.
  • OpenBet
  • OPM.GOV
  • PA State Senate
  • Park Nicollet
  • Phelps Dodge
  • Praxell
  • QinetiQ
  • Queensland U. of Tech
  • RackSpace UK
  • RCMP
  • REUTERS
  • Sanofi-Aventis
  • Sarah Lawrence
  • SecureInfo
  • SGI
  • Simon & Schuster
  • SLCC.EDU
  • Smiths Aerospace
  • Sony DADC
  • Spectra Labs
  • Symantec
  • Syracuse Research
  • Texas A&M Qatar
  • Texas Instruments
  • The Open University
  • Thomson-Reuters
  • U. of Afghanistan
  • UC San Francisco
  • UC Santa Cruz
  • UCLA
  • UMass Med School
  • Unilever
  • Unisys
  • United Nations
  • Univ. of Cambridge
  • Univ. of Maryland
  • Univ. of New Haven
  • University of Oslo
  • World Bank