Security Enhanced Linux

RHS429 - SELinux Policy Administration


Description:

RHS429 introduces advanced system administrators, security administrators, and application programmers to SELinux policy writing. Participants in this course will learn how SELinux works, how to manage SELinux, and how to write an SELinux policy. This class culminates in a major project to scope out and then write policies for previously unprotected services.

Topics:
  • Unit 1 - Introduction to SELinux
    • Discretionary Access Control vs. Mandatory Access Control
    • SELinux History and Architecture Overview
    • Elements of the SELinux security model:
      • user identity and role
      • domain and type
      • sensitivity and categories
      • security context
    • SELinux Policy and Red Hat's Targeted Policy
    • Configuring Policy with Booleans
    • Archiving
    • Setting and Displaying Extended Attributes
    • Hands-on Lab: Understanding SELinux

  • Unit 2 - Using SELinux
    • Controlling SELinux
    • File Contexts
    • Relabeling Files and Filesystems
    • Mount options
    • Hands-on Lab: Working with SELinux

  • Unit 3 - The Red Hat Targeted Policy
    • Identifying and Toggling Protected Services
    • Apache Security Contexts and Configuration Booleans
    • Name Service Contexts and Configuration Booleans
    • NIS Client Contexts
    • Other Services
    • File Context for Special Directory Trees
    • Troubleshooting and avc Denial Messages
    • setroubleshootd and Logging
    • Hands-on Lab: Understanding and Troubleshooting the Red Hat Targeted Policy

  • Unit 4 - Introduction to Policies
    • Policy Overview and Organization
    • Compiling and Loading the Monolithic Policy and Policy Modules
    • Policy Type Enforcement Module Syntax
    • Object Classes
    • Domain Transition
    • Hands-on Lab: Understanding policies

  • Unit 5 - Policy Utilities
    • Tools available for manipulating and analyzing policies:
      • apol
      • seaudit and seaudit_report
      • checkpolicy
      • sepcut
      • sesearch
      • sestatus
      • audit2allow and audit2why
      • sealert
      • avcstat
      • seinfo
      • semanage and semodule
      • Man pages
    • Hands-on Lab: Exploring Utilities

  • Unit 6 - User and Role Security
    • Role-based Access Control
    • Multi Category Security
    • Defining a Security Administrator
    • Multi-Level Security
    • The strict Policy
    • User Identification and Declaration
    • Role Identification and Declaration
    • Roles in Use in Transitions
    • Role Dominance
    • Hands-on Lab: Implementing User and Role Based Policy Restrictions

  • Unit 7 - Anatomy of a Policy
    • Policy Macros
    • Type Attributes and Aliases
    • Type Transitions
    • When and How do Files Get Labeled
    • restorecond
    • Customizable Types
    • Hands-on Lab: Building Policies

  • Unit 8 - Manipulating Policies
    • Installing and Compiling Policies
    • The Policy Language
    • Access Vector
    • SELinux logs
    • Security Identifiers - SIDs
    • Filesystem Labeling Behavior
    • Context on Network Objects
    • Creating and Using New Booleans
    • Manipulating Policy by Example
    • Macros
    • Enableaudit
    • Hands-on Lab: Compiling Policies

  • Unit 9 - Project
    • Best practices
    • Create File Contexts, Types and Typealiases
    • Edit and Create Network Contexts
    • Edit and Create Domains
    • Hands-on Lab: Editing and Writing Policy

Duration: 32 hours
