SELinux
Bill McCarty
O'Reilly Media, Paperback, Published October 2004, 238 pages, ISBN 0596007167
List Price: $39.95 | Our Price: $32.50 | You Save: $7.45 (19% Off)
Availability: In-Stock
The intensive search for a more secure operating system has often left everyday,
production computers far behind their experimental, research cousins. Now SELinux
(Security Enhanced Linux) dramatically changes this. This best-known and most
respected security-related extension to Linux embodies the key advances of the
security field. Better yet, SELinux is available in widespread and popular distributions
of the Linux operating system--including Debian, Fedora, Gentoo, Red Hat Enterprise
Linux, and SUSE--all of it free and open source.

SELinux emerged from research by the National Security Agency and implements
classic strong-security measures such as role-based access controls, mandatory
access controls, and fine-grained transitions and privilege escalation following
the principle of least privilege. It compensates for the inevitable buffer overflows
and other weaknesses in applications by isolating them and preventing flaws
in one application from spreading to others. The scenarios that cause the most
cyber-damage these days--when someone gets a toe-hold on a computer through
a vulnerability in a local networked application, such as a Web server, and
parlays that toe-hold into pervasive control over the computer system--are prevented
on a properly administered SELinux system.

The key, of course, lies in the words "properly administered." A
system administrator for SELinux needs a wide range of knowledge, such as the
principles behind the system, how to assign different privileges to different
groups of users, how to change policies to accommodate new software, and how
to log and track what is going on. And this is where SELinux is invaluable.
Author Bill McCarty, a security consultant who has briefed numerous government
agencies, incorporates his intensive research into SELinux into this small but
information-packed book. Topics include:

- A readable and concrete explanation of SELinux concepts and the SELinux
security model
- Installation instructions for numerous distributions
- Basic system and user administration
- A detailed dissection of the SELinux policy language
- Examples and guidelines for altering and adding policies

With SELinux, a high-security computer is within reach of any system administrator.
If you want an effective means of securing your Linux system--and who doesn't?--this
book provides the means.
Table of Contents

Preface

1. Introducing SELinux
  Software Threats and the Internet
  SELinux Features
  Applications of SELinux
  SELinux History
  Web and FTP sites

2. Overview of the SELinux Security Model
  Subjects and Objects
  Security Contexts
  Transient and Persistent Objects
  Access Decisions
  Transition Decisions
  SELinux Architecture

3. Installing and Initially Configuring SELinux
  SELinux Versions
  Installing SELinux
  Linux Distributions Supporting SELinux
  Installation Overview
  Installing SELinux from Binary or Source Packages
  Installing SELinux to an Existing Gentoo Linux System
  Installing from Source

4. Using and Administering SELinux
  System Modes and SELinux Tuning
  Controlling SELinux
  Routine SELinux System Use and Administration
  Monitoring SELinux
  Troubleshooting SELinux

5. SELinux Policy and Policy Language Overview
  The SELinux Policy
  Two Forms of an SELinux Policy
  Anatomy of a Simple SELinux Policy Domain
  SELinux Policy Structure
  The flask Subdirectory
  The macros Subdirectory
  The file_contexts Subdirectory
  The types Subdirectory
  The domains Subdirectory
  The appconfig Subdirectory
  The Policy Source Directory

6. Role-Based Access Control
  The SELinux Role-Based Access Control Model
  Railroad Diagrams
  SELinux Policy Syntax
  User Declarations
  Role-Based Access Control (RBAC) Declarations

7. Type Enforcement
  The SELinux Type-Enforcement Model
  Review of SELinux Policy Syntax
  Type-Enforcement (TE) Declarations
  Examining a Sample Policy

8. Ancillary Policy Statements
  Constraint Declarations
  Other Context-Related Declarations
  Flask-Related Declarations

9. Customizing SELinux Policies
  The SELinux Policy Source Tree
  On the Topics of Difficulty and Discretion
  Using the SELinux Makefile
  Creating an SELinux User
  Customizing Roles
  Adding Permissions
  Allowing a User Access to an Existing Domain
  Creating a New Domain
  Using Audit2allow
  Policy Management Tools
  The Road Ahead

A. Security Object Classes
B. SELinux Operations
C. SELinux Macros Defined in the src/policy/macros Directory
D. SELinux General Types
E. SELinux Type Attributes

Index
About the Author
Bill McCarty is associate professor of management information
systems in the School of Business and Management of Azusa Pacific University,
Azusa, California, and was previously associate professor of computer science,
in which capacity he taught for ten years in Azusa Pacific's Master of Applied
Computer Science program. Bill holds a Ph.D. in the management of information
systems from the Claremont Graduate University, Claremont, California, and worked
for 15 years as a software developer and manager.