SELinux System Administration - Third Edition: Implement Mandatory Access Control to Secure Applications, Users, and Information Flows on Linux.
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited, 2020. |
Edition: | 3rd ed. |
Subjects: | |
Online access: | Full text (Requires prior registration with institutional email) |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Table of Contents
- Preface
- Section 1: Using SELinux
- Chapter 1: Fundamental SELinux Concepts
- Technical requirements
- Providing more security for Linux
- Introducing Linux Security Modules (LSM)
- Extending regular DAC with SELinux
- Restricting root privileges
- Reducing the impact of vulnerabilities
- Enabling SELinux support
- Labeling all resources and objects
- Dissecting the SELinux context
- Enforcing access through types
- Granting domain access through roles
- Limiting roles through users
- Controlling information flow through sensitivities
- Defining and distributing policies
- Writing SELinux policies
- Distributing policies through modules
- Bundling modules in a policy store
- Distinguishing between policies
- Supporting MLS
- Dealing with unknown permissions
- Supporting unconfined domains
- Limiting cross-user sharing
- Incrementing policy versions
- Different policy content
- Summary
- Questions
- Chapter 2: Understanding SELinux Decisions and Logging
- Technical requirements
- Switching SELinux on and off
- Setting the global SELinux state
- Switching to permissive or enforcing mode
- Using kernel boot parameters
- Disabling SELinux protections for a single service
- Understanding SELinux-aware applications
- SELinux logging and auditing
- Following audit events
- Tuning the AVC
- Uncovering more logging
- Configuring Linux auditing
- Configuring the local system logger
- Reading SELinux denials
- Other SELinux-related event types
- Using ausearch
- Getting help with denials
- Troubleshooting with setroubleshoot
- Sending emails when SELinux denials occur
- Using audit2why
- Interacting with systemd-journal
- Using common sense
- Summary
- Questions
- Chapter 3: Managing User Logins
- Technical requirements
- User-oriented SELinux contexts
- SELinux users and roles
- Listing SELinux user mappings
- Mapping logins to SELinux users
- Customizing logins for services
- Creating SELinux users
- Listing accessible domains
- Managing categories
- Handling SELinux roles
- Defining allowed SELinux contexts
- Validating contexts with getseuser
- Switching roles with newrole
- Managing role access through sudo
- Reaching other domains using runcon
- Switching to the system role
- SELinux and PAM
- Assigning contexts through PAM
- Prohibiting access during permissive mode
- Polyinstantiating directories
- Summary
- Questions
- Chapter 4: Using File Contexts and Process Domains
- Technical requirements
- Introduction to SELinux file contexts
- Getting context information
- Interpreting SELinux context types
- Keeping or ignoring contexts
- Inheriting the default contexts
- Querying transition rules
- Copying and moving files
- Temporarily changing file contexts
- Placing categories on files and directories