LinuxCBT.com

Syllabus

Focus: Security Enhanced Linux

Duration: 10-Hours

  • SELinux Security - Module IV

    • Access Control Models
      • Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
      • Explain features & shortcomings of Discretionary Access Control (DAC) models
      • Identify key DAC-based utilities
      • Discuss the advantages & caveats of Mandatory Access Control (MAC) models
      • Explore DAC-based programs

    • SELinux - Basics
      • Discuss subjects & objects
      • Explain how SELinux is implemented in 2.6.x-based kernels
      • Confirm SELinux support in the kernel
      • Identify key SELinux packages
      • Use sestatus to obtain the current SELinux mode
      • Discuss subject & object labeling
      • Describe the 3 SELinux operating modes
      • Identify key utilities & files, which dictate the current SELinux operating mode
      • Focus on the features of SELinux permissive mode
      • Explore the boot process as it relates to SELinux

    • SELinux - Object Labeling
      • Discuss subject & object labeling
      • Discuss the role of extended attributes (XATTRs)
      • Expose the labels of specific objects
      • Alter the labels of specific objects
      • Configure SELinux to automatically label objects per security policy
      • Reset the system and confirm labels on altered objects
      • Explain security tuples
      • Use fixfiles to restore object labels on running system per security policy

    • SELinux - Type Contexts - Security Labels Applied to Objects
      • Intro to object security tuples - security labels
      • Attempt to serve HTML content using Apache in SELinux enforcing mode
      • Identify problematic object security labels
      • Serve HTML content in SELinux permissive mode
      • Use chcon to alter object security labels
      • Switch to enforcing mode & confirm the ability to serve HTML content
      • Use restorecon to restore object security context (labels)

    • SELinux - Basic Commands - Type & Domain Exposition
      • ps - reveal subjects' security context (security label) - Domains
      • ls - reveal objects' security label - Types
      • cp - preserve/inherit security labels
      • mv - preserve security labels
      • id - expose subject security label

    • SELinux - Targeted Policy - Binary
      • Explain the Targeted Policy's features
      • Discuss policy transitions for domains
      • Compare & contrast confined & unconfined states
      • Exempt Apache daemon from the auspices of the targeted policy's confined state
      • Evaluate results after exemption
      • Explain the security contexts applied to subjects & objects
      • Peruse key targeted binary policy files
      • Identify the daemons protected by the targeted policy
      • Discuss the unconfined_t domain - subject label

    • SELinux - Targeted Policy - Source
      • Install the targeted policy source files
      • Identify & discuss TE and FC files
      • Explore file_contexts - context definition for objects
      • Discuss the file context syntax
      • Explain the purpose of using run_init to initiate SELinux-protected daemons
      • Switch between permissive & enforcing modes and evaluate behavior
      • Peruse the key files in the targeted source policy

    • SELinux - Miscellaneous Utilities - Logging
      • Use tar to archive SELinux-protected objects
      • Confirm security labels on tar-archived objects
      • Use the tar substitute 'star' to archive extended attributes (XATTRs)
      • Confirm security labels on star-archived objects
      • Discuss the role of the AVC
      • Examine SELinux logs - /var/log/messages
      • Alter Syslog configuration to route SELinux messages to an ideal location
      • Use SETools, shell-based programs to output real-time statistics
      • Install & use SEAudit graphical SELinux log-management tool

    • SELinux - RedHat® Enterprise 5.x - Exploration
      • Explore configuration & key utilities
      • Transition from 'disabled' to 'permissive' mode
      • Focus on Apache web server behavior
      • Enable UserDir functionality & test content access
      • Transition to 'enforcing' mode
      • Examine Apache behavior in restricted environment
      • Adjust SELinux directives
      • Evaluate results

    • SELinux - Network Ports - Service Restrictions
      • Explore standard behavior
      • Configure new application bindings
      • Examine SELinux intervention
      • Rectify SELinux configuration for multiple services
      • Evaluate results

LinuxCBT SELinux Edition
