
SELinux System Administration : ward off traditional security permissions and effectively secure your Linux systems with SELinux

Annotation

Bibliographic Details
Classification: Electronic Book
Main author: Vermeulen, Sven (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK: Packt Publishing, 2016.
Edition: Second edition.
Subjects:
Online access: Full text
Table of Contents:
  • Cover; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Fundamental SELinux Concepts; Providing more security to Linux; Using Linux security modules; Extending regular DAC with SELinux; Restricting root privileges; Reducing the impact of vulnerabilities; Enabling SELinux support; Labeling all resources and objects; Dissecting the SELinux context; Enforcing access through types; Granting domain access through roles; Limiting roles through users; Controlling information flow through sensitivities; Defining and distributing policies.
  • Writing SELinux policies; Distributing policies through modules; Bundling modules in a policy store; Distinguishing between policies; Supporting MLS; Dealing with unknown permissions; Supporting unconfined domains; Limiting cross-user sharing; Incrementing policy versions; Different policy content; Summary; Chapter 2: Understanding SELinux Decisions and Logging; Switching SELinux on and off; Setting the global SELinux state; Switching to permissive (or enforcing) mode; Using kernel boot parameters; Disabling SELinux protections for a single service; Understanding SELinux-aware applications.
  • SELinux logging and auditing; Following audit events; Uncovering more logging; Configuring Linux auditing; Configuring the local system logger; Reading SELinux denials; Other SELinux-related event types; USER_AVC; SELINUX_ERR; MAC_POLICY_LOAD; MAC_CONFIG_CHANGE; MAC_STATUS; NetLabel events; Labeled IPsec events; Using ausearch; Getting help with denials; Troubleshooting with setroubleshoot; Sending e-mails when SELinux denials occur; Using audit2why; Interacting with systemd-journal; Using common sense; Summary; Chapter 3: Managing User Logins; User-oriented SELinux contexts.
  • Understanding domain complexity; Querying for unconfined domains; SELinux users and roles; Listing SELinux user mappings; Mapping logins to SELinux users; Customizing logins towards services; Creating SELinux users; Listing accessible domains; Managing categories; Handling SELinux roles; Defining allowed SELinux contexts; Validating contexts with getseuser; Switching roles with newrole; Managing role access through sudo; Reaching other domains using runcon; Switching to the system role; SELinux and PAM; Assigning contexts through PAM; Prohibiting access during permissive mode.
  • Polyinstantiating directories; Summary; Chapter 4: Process Domains and File-Level Access Controls; About SELinux file contexts; Getting context information; Interpreting SELinux context types; Keeping or ignoring contexts; Inheriting the default context; Querying transition rules; Copying and moving files; Temporarily changing file contexts; Placing categories on files and directories; Using multilevel security on files; Backing up and restoring extended attributes; Using mount options to set SELinux contexts; SELinux file context expressions; Using context expressions.