You're reading from SELinux System Administration, Third Edition Implement mandatory access control to secure applications, users, and information flows on Linux

Product type Paperback

Published in Dec 2020

Publisher Packt

ISBN-13 9781800201477

Length 458 pages

Edition 3rd Edition

Tools

Docker

Concepts

System Administration

Author (1):

Sven Vermeulen

View More author details

Table of Contents (22) Chapters

Preface

1. Section 1: Using SELinux

2. Chapter 1: Fundamental SELinux Concepts FREE CHAPTER

3. Chapter 2: Understanding SELinux Decisions and Logging

4. Chapter 3: Managing User Logins

5. Chapter 4: Using File Contexts and Process Domains

6. Chapter 5: Controlling Network Communications

7. Chapter 6: Configuring SELinux through Infrastructure-as-Code Orchestration

8. Section 2: SELinux-Aware Platforms

9. Chapter 7: Configuring Application-Specific SELinux Controls

10. Chapter 8: SEPostgreSQL – Extending PostgreSQL with SELinux

11. Chapter 9: Secure Virtualization

12. Chapter 10: Using Xen Security Modules with FLASK

13. Chapter 11: Enhancing the Security of Containerized Workloads

14. Section 3: Policy Management

15. Chapter 12: Tuning SELinux Policies

16. Chapter 13: Analyzing Policy Behavior

17. Chapter 14: Dealing with New Applications

18. Chapter 15: Using the Reference Policy

19. Chapter 16: Developing Policies with SELinux CIL

20. Assessments

21. Other Books You May Enjoy

Leave a review - let other readers know what you think

What this book covers

Chapter 1, Fundamental SELinux Concepts, provides fundamental insights into the SELinux technology and allows you to understand the differences between SELinux implementations.

Chapter 2, Understanding SELinux Decisions and Logging, teaches you how to analyze SELinux events, and how to configure system logging to facilitate SELinux troubleshooting.

Chapter 3, Managing User Logins, allows you to manage Linux users and associate them with the right SELinux context.

Chapter 4, Using File Contexts and Process Domains, explains how SELinux labels are exposed on the system, and how to change the SELinux context of files and resources.

Chapter 5, Controlling Network Communications, introduces SELinux access control protections on a network level, ranging from socket-based protection measures to packet filtering with SELinux.

Chapter 6, Configuring SELinux through Infrastructure-as-Code Orchestration, shows you how to configure SELinux settings across large-scale environments using automation and orchestration tooling.

Chapter 7, Configuring Application-Specific SELinux Controls, explains how SELinux is adopted by several applications to augment their security posture further.

Chapter 8, SEPostgreSQL – Extending PostgreSQL with SELinux, helps you learn how to enable SEPostgreSQL in a regular PostgreSQL deployment, and how to use the SELinux controls within the database engine.

Chapter 9, Secure Virtualization, uses libvirt and other virtualization technologies together with SELinux to further protect and isolate virtual guests from each other.

Chapter 10, Using Xen Security Modules with FLASK, teaches you how Xen uses an SELinux-like approach to isolate its guests using Xen Security Modules, and how administrators can tweak and tune isolation further.

Chapter 11, Enhancing the Security of Containerized Workloads, shows how container platforms such as Docker, podman, and Kubernetes use SELinux as a means to secure the host system from potentially untrusted containers and provide isolation between containers.

Chapter 12, Tuning SELinux Policies, expands on SELinux booleans and their effect on the system and shows how to deal with different SELinux policy modules.

Chapter 13, Analyzing Policy Behavior, explains how administrators and analysts can interpret the SELinux policy and use policy analysis tooling to learn what a policy will allow.

Chapter 14, Dealing with New Applications, informs you how to apply SELinux on new applications that are not yet supported by the current SELinux policies.

Chapter 15, Using the Reference Policy, explains how to use the reference policy to create and adjust SELinux policies.

Chapter 16, Developing Policies with SELinux CIL, introduces you to the Common Intermediate Language and how to apply it to develop custom policies.