SELinux Administration

Published time : 22/11/2019 21:59

SELinux Administration

SELinux Administration

Session 1. Introduction to SELinux

SELinux Introduction
- What is SELinux and how it works?
Access Control Mechanisms
Labels, Contexts and Type Enforcement
Basic Terminology
- Users, Roles, Subjects, Objects, Domains and Types
SELinux Policy and Policy Organization
- Confined and Unconfined Domain, Type Enforcement and Policy Behavior
SELinux Administration – Settings and Modes
SELinux Configuration, SELinux Status
SELinux Features and Benefits
SELinux is not

Session 2. Getting Started with SELinux

Boot Options for SELinux
Enabling user home directories
SELinux Settings for User Home Directories
Targeted Policy Protected Services
Default list of SELinux Protected Services
File Context for Special Directory Trees
Setting Persistent SELinux Contexts on Directory Trees.
Example: ftp server with non default directory

Session 3. SELinux Booleans

SELinux Booleans
Why a Service doesn't work?
Boolean Values
Service Categories of SELinux Booleans
Booleans with SELinux Management Tool
CLI V/s GUI Filter
Boolean Settings do not stand alone
SELinux directives for HTTP Services, Name Service, MariaDB, NFS, Samba and SSH

Session 4. Troubleshooting

Identify the Problem - SELinux Audits
Using
ausearch
and
sealert
Using
audit2allow
Utility
SELinux Troubleshoot Browser
The setroubleshootd
- Installation, configuration and working
Sending e-mails
Testing setroubleshoot functionality
Binding sshd on a non standard port
SELinux Logging - Interacting with systemd-journal
Policy Rules V/s other Options

Lab 1. Exploring CGI scripts

Session 5. SELinux Policies

SELinux Policy
Policy Organization
Confined and Unconfined Domain
SELinux Policy Behavior
Configuring a Policy with semanage
Example
- SELinux Port Labeling
- Managing Ports with Semanage
- Using Semanage Permissive
- Limiting flows based on the network interface
Generating Policy files for Deployment
Handling device files
Setting a SELinux label on a device node

Lab 2. Understanding policies

Session 6. Working with SELinux Policies

SELinux Policy Language
Source Policy Modules in a Monolithic Policy
Loadable Policy Modules
Building and Installing Monolithic Policies
Build and load process for SELinux policy
The make Targets
Generating Policy files for Deployment
Supported user templates with sepolgen
Handling device files
Using udev Rules
Setting a SELinux label on a device node

Lab 3. Modifying an existing policy

Session 7. Building and Loading SELinux Policies

Downloading and Installing the source and preparing the build area
Build the base policy package
Compiling the Monolithic Policy
Loading the Monolithic Policy
Compiling Policy Modules
Loading Policy Modules
Policy Type-Enforcement Module Syntax
Policy Type-Enforcement Module Example

Lab 4 Compiling and Building Base Policy from Source

Lab 5 - Using fixfiles Script and Setting mount contexts

Session 8. Working with semodule and Object Classes

High Level SELinux Architecture
semodule
Object Classes and Permissions
Defining common Permissions
Examples

Session 9. Policy Utilities

seaudit, seaudit_report, checkpolicy, sesearch,
sestatus, audit2allow, audit2why,
sealert, avcstat, seinfo and semanage

Session 10. User and Role Security

Role-based Access Control
Multi Category Security - MCS
Multi Category Security: translation and login
The chcat - change file security category
Defining a SecurityAdministrator: sudo, chcat and root

Lab 6. Role Based Policy Restrictions

Session 11. MLS, Users, Roles, Domain Transition, Macros and Types

Multi-Level Security - MLS
The strict Policy
General Identification
User Identification: system_u, users_u and root, Declaring Users
Role Identification - Role Dominance
Domain Transition
Polyinstantiation of Directories
Policy Macros
Types : Enforcement, Attributes, Aliases and Transitions for Objects
restorecond
Customizable Types

Lab 7 Creating a new types

Session 12 Contexts, Policies, Access Vector, Logs and Booleans

File Contexts
Manipulating Policies
Access Vector
Security Identifiers-SIDs
Statements: fs_use_* and genfscon
Context on network objects
Booleans: Creating and using new booleans
Enableaudit

Lab 8. Creating Policy Module

Lab 9 Mount Options and Custom port for squid

Project

Task 1. Create File Contexts, Create File Types, Create File Typealiases
Task 2. Edit or Create Network Contexts
Task 3. Domains - Create Domains: Macros, Building and Enhancing

(4.45)

21 Courses

178 Students

2901 Reviews

Ram Niwas Sangwan

I have spent 27 years in IT Industry as an Educationist. I have been a software developer/corporate trainer and an information systems specialist with a record of developing and supporting solutions incorporating a wide range of applications. I have an entrepreneurial-mindset and a track record of success in recognizing opportunities spanning more than 26 years. Developing innovative and creative approaches, I have trained top level executives of companies driving revenue growth and enhancing long-term profitability. I have been motivating my team to ensure project success and on-time delivery. I, have time and again proven my ability at managing multiple priorities in fast-paced environments.
Businessman Leading a team of Professionals in the Area of Digital Marketing, Website Design and Development, Software Development with more than 1200 Satisfied Client. Currently I am managing My Own Production Servers with more than 500 Live Websites and Launching my Dream Project www.theskillpedia.com after working on for more than 4 Years.