SELinux cookbook: over 70 hands-on recipes to develop fully functional policies to confine your applications and users using SELinux

If you are a Linux system administrator or a Linux-based service administrator and want to fine-tune SELinux to implement a supported, mature, and proven access control system, then this book is for you. Basic experience with SELinux-enabled distributions is expected.

Bibliographic Details
Other Authors: Vermeulen, Sven (author); Santhan, Sarath (cover designer)
Format: eBook
Language: English
Published: Birmingham, England : Packt Publishing 2014.
Edition: 1st edition
Subjects:
See on Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628760606719
Table of Contents:
  • Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels
  • Configuring sensitivity categories; Chapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application's logical design
  • Creating a skeleton policy; Setting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don't need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface
  • Chapter 6: Setting Up Separate Roles; Introduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain
  • Building application-specific domains using templates; Using fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services
  • Using a different root location for SELinux-aware applications