Mastering Security-Enhanced Linux (SELinux)

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 101 Lessons (5h 22m) | 1.01 GB

Sander van Vugt is an independent Linux trainer, author, and consultant living in the Netherlands. Sander is the author of the best-selling Red Hat Certified System Administrator (RHCSA) Complete Video Course and the Red Hat Certified Engineer (RHCE) Complete Video Course. He has also written numerous books about different Linux-related topics and many articles for Linux publications around the world. Sander has been teaching Red Hat, Linux+, and LFCS classes since 1994. As a consultant, he specializes in Linux high-availability solutions and performance optimization.

Table of Contents

Mastering Security-Enhanced Linux (SELinux) Introduction

Lesson 1 Mandatory Access Control
Learning objectives
Working of SELinux
Requiring Mandatory Access Control
Understanding SELinux and Discretionary Access Control
Lesson 1 Lab Exploring SELinux Settings

Lesson 2 Enabling SELinux
Learning objectives
Managing States and Modes on Red Hat
Installing SELinux on Ubuntu
Understanding Policies
Lesson 2 Lab Managing SELinux States

Lesson 3 Understanding Context Labels
Learning objectives
Showing Context Labels
Understanding When to Set Context labels
Using the audit.log to Examine Issues
Understanding Context Inheritance
Lesson 3 Lab Examining SELinux events
Lesson 3 Lab Solution Examining SELinux events

Lesson 4 Managing Context Labels
Learning objectives
Finding the Right Context
Setting Context on Files
Setting Context on Ports
Using Customizable Types
Configuring a Non-default Apache DocumentRoot
Lesson 4 Lab Running SSH on Port 443
Lesson 4 Lab Solution Running SSH on Port 443

Lesson 5 Using Booleans
Learning objectives
Understanding Booleans
Using Booleans
Finding Booleans
Lesson 5 Lab Configuring vsftpd for Anonymous Uploads
Lesson 5 Lab Solution Configuring vsftpd for Anonymous Uploads

Lesson 6 Troubleshooting SELinux
Learning objectives
Troubleshooting SELinux Issues
Understanding the Audit Logs
Understanding Dontaudit Rules
Using audit2allow
Using sealert
Loading SELinux Manually
Lesson 6 Lab Troubleshooting SELinux
Lesson 6 Lab Solution Troubleshooting SELinux

Lesson 7 Analysing Booleans and Rules
Learning objectives
Analyzing the Policy
Using sesearch
Using seinfo
Finding What a Domain can Do
Analyzing Booleans
Analyzing Transition Rules
Lesson 7 Lab Investigating Booleans
Lesson 7 Lab Solution Investigating Booleans

Lesson 8 SELinux Modules
Learning objectives
Managing Modules
Writing Custom Modules
Generating Custom Modules
Lesson 8 Lab Enabling your Application with Modules
Lesson 8 Lab Solution Enabling your Application with Modules

Lesson 9 Making Any Application work with SELinux
Learning objectives
Understanding Options for Running Custom Applications
Using Unconfined Domains
Using runcon ro Run Applications with a Specific Context
Using sepolgen to generate Application Policy Modules
Lesson 9 Lab Running any Application on an SELinux System
Lesson 9 Lab Solution Running any Application on an SELinux System

Lesson 10 SELinux Users
Learning objectives
Understanding Users and Roles
Mapping Linux Users to SELinux Users
Using Booleans to Manage SELinux Users
Restricting Root
Lesson 10 Lab Creating a Kiosk User
Lesson 10 Lab Solution Creating a Kiosk User

Lesson 11 Using Multi-Level Security (MLS)
Learning objectives
Understanding MLS and MCS
Enabling an MLS Policy
Creating a user with a Clearance Level
Understanding What Needs to be done on Directories
Lesson 11 Lab Using MLS
Lesson 11 Lab Solution Using MLS

Lesson 12 Using Multi-Category Security (MCS)
Learning objectives
Understanding MCS
Grouping Users and Applications with MCS
Combining MLS and MCS
Lesson 12 Lab Configuring MCS
Lesson 12 Lab Solution Configuring MCS

Lesson 13 SELinux and Containers
Learning objectives
Understanding Container SELinux Needs
Configuring Container Storage Access
Using udica to Configure Container Access
Lesson 13 Lab Configuring SELinux for Containers
Lesson 13 Lab Solution Configuring SELinux for Containers

Lesson 14 Using Ansible to Manage SELinux
Learning objectives
Using SELinux Ansible modules
Using the RHEL System Role to Manage SELinux
Lesson 14 Lab Using Ansible to manage SELinux
Lesson 14 Lab Solution Using Ansible to manage SELinux

