SELinux Cookbook

Product type: Book
Published: Sep 2014
Publisher: Packt Publishing (www.PacktPub.com)
ISBN-13: 9781783989669
Pages: 240
Edition: 1st Edition
Author: Sven Vermeulen

Table of Contents

SELinux Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. The SELinux Development Environment
2. Dealing with File Labels
3. Confining Web Applications
4. Creating a Desktop Application Policy
5. Creating a Server Policy
6. Setting Up Separate Roles
7. Choosing the Confinement Level
8. Debugging SELinux
9. Aligning SELinux with DAC
10. Handling SELinux-aware Applications
Index

Index

A

  • abstract Unix domain socket
    • stream-connect interface, creating for / For an abstract Unix domain socket, How it works…
  • Acceptable behavior / The role of the SELinux policy
  • access privileges
    • verifying / Looking into access privileges, How it works…
  • access privileges, verifying
    • direct access inspection / Direct access inspection
    • policy manipulation / Policy manipulation
    • indirect access / Indirect access
  • Administration, logical architecture / The structural documentation
  • administrative interface
    • creating / Creating the administrative interface, How to do it…, How it works…
  • allow_execmem / How it works...
  • Apache
    • running, with right context / Running Apache with the right context
    • starting, with limited clearance / Starting Apache with limited clearance, How it works...
  • Apache eXtenSion tool
    • tasks, performing / How it works...
  • Apache virtual host support
    • URL / See also
  • Application / About SELinux
  • application-specific domains
    • building, templates used / Building application-specific domains using templates, How it works…
  • application logical design
    • researching / Researching the application's logical design
    • files / Files and directories
    • directories / Files and directories
    • network resources / Network resources
    • processes / Processes
    • hardware resource / Hardware and kernel resources
    • kernel resource / Hardware and kernel resources
  • application network access
    • governing / Governing application network access, How it works…
  • application resource interfaces
    • creating / Creating application resource interfaces
  • application role interfaces
    • defining / Defining application role interfaces, How to do it…, How it works…, There's more...
  • Artica
    • URL / See also
  • auditallow statement / How it works…
  • auditctl command / How it works…
  • audit subsystem
    • about / There's more...

B

  • backup file
    • about / Backing up and restoring files, How it works…
  • backup solution
    • selecting / How to do it…, How it works…
  • Bell-LaPadula model
    • URL / About SELinux
  • binary policy module
    • creating / The binary policy module
  • BIND 9, chroot jail
    • configuring, URL / See also
    • building, URL / See also
  • build-time policy decisions
    • adding / Adding build-time policy decisions, How it works…

C

  • -C option / How it works...
  • C
    • SELinux userland configuration, querying in / Querying SELinux userland configuration in C, How it works…, There's more...
  • capabilities
    • used, with SELinux / Configuring capabilities instead of setuid binaries, How it works…
  • chroot / Using substitution definitions
    • about / Introduction
    • assigning, to regular services / Assigning a different root location to regular services, How to do it…, How it works…, There's more...
    • used, for SELinux-aware applications / Using a different root location for SELinux-aware applications, How it works…
  • chroot() operations
    • URL / See also
  • chroot jail
    • about / Assigning a different root location to regular services
  • CISecurity Benchmark for Red Hat Enterprise Linux
    • reference / See also
  • class identifiers
    • about / Class identifiers
    • -- identifier / Class identifiers
    • -d identifier / Class identifiers
    • -l identifier / Class identifiers
    • -b identifier / Class identifiers
    • -c identifier / Class identifiers
    • -p identifier / Class identifiers
    • -s identifier / Class identifiers
  • cleanup process / Reducing exploit risks
  • clients
    • privileges, granting to / Granting privileges to all clients, How to do it…, How it works…
  • coarse-grained policy
    • about / Introduction
  • commands
    • running, with sudo / Running commands in a specified role with sudo, How it works…
    • running, with runcon command / Running commands in a specified role with runcon, How it works…
  • comment system
    • constructs, using / The in-line documentation
  • common helper domains
    • defining / Defining common helper domains, How to do it…, How it works…
  • conditional policy rules
    • adding / Adding conditional policy rules, How it works…, There's more...
  • conditional policy support
    • listing / Listing conditional policy support, How it works...
  • configuration files
    • URL / See also
  • constraints, resource-sensitivity labels / Constraints
  • constraint statements
    • URL / See also
  • context
    • processes, running in / Running new processes in a new context, How it works…, There's more...
  • context, of resource
    • reading / Reading the context of a resource, There's more...
  • context declaration / Context declaration
  • context definitions
    • setting / Setting context definitions, How it works…
  • context method / How it works…
  • contexts
    • HTTP users, mapping to / Mapping HTTP users to contexts, How to do it…
    • deciding, source address mapping used / Using source address mapping to decide on contexts, There's more...
  • cron
    • used, with SELinux / Using cron with SELinux, How it works…, There's more…
  • custom CGI domain
    • creating / Creating a custom CGI domain, How to do it…, How it works...
  • custom content types
    • using / Using custom content types, How it works...
  • customizable type / User content and customizable types, There's more...

D

  • D-Bus message flows
    • controlling / Controlling D-Bus message flows, Getting ready, How it works…, There's more...
  • database administrator (DBA) / How it works…
  • default contexts / Default types and default contexts
  • default types / Default types and default contexts
  • default_contexts file / Default types and default contexts
  • denied security-bounded transitions
    • about / Denied security-bounded transitions
  • denied transition validation
    • about / Denied transition validation
  • Desktop applications
    • about / Introduction
  • development environment
    • creating / Creating the development environment, How to do it…, How it works…
  • direct access inspection / Direct access inspection
  • directories
    • about / Files and directories
  • Docker
    • URL / See also
  • DokuWiki
    • URL / Using custom content types
  • domain definitions / Domain definitions

E

  • equivalence class / Using substitution definitions
  • exec interface
    • creating / Creating exec, run, and transition interfaces, How to do it…, How it works…
  • Expected behavior / The role of the SELinux policy

F

  • FAMOUS abbreviation / The structural documentation
  • Fedora
    • URL / Getting ready, See also
  • Feeds, logical architecture / The structural documentation
  • fgetfilecon() method / How it works…
  • file ACLs
    • user content, sharing with / Sharing user content with file ACLs, How to do it…, How it works…, There's more...
  • file contexts
    • defining, through patterns / Defining file contexts through patterns, How it works…, Path expressions, Class identifiers, There's more...
    • path expressions / Path expressions
    • order, processing / The order of processing
    • class identifiers / Class identifiers
    • context declaration / Context declaration
  • file labels
    • managing / Introduction
  • files
    • about / Files and directories
  • file transition
    • defining / How to do it…
  • file transitions
    • SELinux policy, enhancing with / Enhancing an SELinux policy with file transitions, Getting ready, How it works…, Finding the right search pattern, Patterns, There's more...
  • file_contexts.subs / Using substitution definitions
  • findcon tool / The order of processing
  • fine-grained application domain definitions
    • using / Using fine-grained application domain definitions, How to do it…
    • example / Using fine-grained application domain definitions
    • exploit risks, reducing / Reducing exploit risks
    • role management / Role management
    • type inheritance / Type inheritance and transitions
    • transitions / Type inheritance and transitions
  • fine-grained policies
    • about / Introduction
  • Flask
    • URL / About SELinux
  • four-fold
    • about / How it works…
  • ftp_shell_r role / Initial role based on entry
  • full policy replacement, resource-sensitivity labels / Full policy replacement
  • functions.sh script / How it works…

G

  • generic application domain
    • creating / Creating a generic application domain, How it works…
  • Gentoo Linux
    • URL / Getting ready
  • gen_context macro / Context declaration
  • gen_tunable declarations
    • about / How it works…
  • getcon() method / How it works…
  • getexeccon() method / There's more...
  • getpeercon() method / There's more...
  • getprevcon() method / There's more...
  • getsebool command / How it works...
  • get_default_context() method / There's more...
  • get_ordered_context_list() method / There's more...
  • get_ordered_context_list_with_role() method / There's more...
  • git tutorial
    • URL / See also
  • group membership
    • used, for role-based access / Using group membership for role-based access, How it works…
  • grsecurity
    • about / There's more...
    • URL / There's more...

H

  • hardware resource / Hardware and kernel resources
  • httpdcontent attribute / How it works
  • httpd_selinux / See also
  • HTTP users
    • mapping, to contexts / Mapping HTTP users to contexts, How to do it…

I

  • in-line documentation / The in-line documentation
  • indirect access / Indirect access
  • infrastructural resources / Infrastructural resources
  • initial SIDs / Type inheritance and transitions
  • inter-process communication (IPC) / Type inheritance and transitions
  • interface changes, SELinux policy modules / Changes in interfaces
  • interface names
    • about / How to do it…
  • invalid context
    • about / Invalid contexts
  • is_selinux_enabled() function / How it works…
  • is_selinux_mls_enabled() method / There's more...

J

  • jail
    • about / Assigning a different root location to regular services
  • Jailkit project
    • URL / See also

K

  • kdbus / There's more...
  • kernel
    • configuring / There's more...
  • kernel resource / Hardware and kernel resources
  • kernel version changes, SELinux policy modules / Kernel version changes

L

  • level method / How it works…
  • libselinux.so library / How it works…
  • libselinux library / How it works…
  • libselinux package / Checking the SELinux state programmatically
  • Linux containers
    • URL / See also
  • Linux Security Modules (LSM) / About SELinux
  • Linux user
    • mapping / SELinux users and Linux user mappings
  • Linux users
    • mapping, to SELinux users / Mapping Linux users to SELinux users, How it works…
  • location, interface definitions
    • about / The location of the interface definitions
  • logical architecture, service
    • Feeds / The structural documentation
    • Administration / The structural documentation
    • Monitoring / The structural documentation
    • Operations / The structural documentation
    • Users and rights / The structural documentation
    • Security-related features / The structural documentation
  • logical resources / Logical resources

M

  • mcstrans file / The mcstrans and setrans.conf files
  • MLS-disabled system / MLS or not
  • MLS-enabled system / MLS or not
  • MLS-enabled systems
    • operations / Setting resource-sensitivity labels
  • MLS statements
    • URL / See also
  • mod_selinux
    • setting / Setting up mod_selinux, How to do it…, How it works...
    • URL / How to do it…, See also
    • virtual hosts, separating with / Separating virtual hosts with mod_selinux, How it works...
  • mod_selinux.c file
    • about / How it works...
  • mod_selinux module
    • about / Denied security-bounded transitions
  • mod_setenvif support
    • URL / See also
  • Monitoring, logical architecture / The structural documentation

N

  • naming convention, reference policy
    • URL / Using the refpolicy naming convention
  • network / Reducing exploit risks
  • network access / The network access
  • network resources / Network resources
  • neverallow statement
    • about / Ensuring an SELinux rule is never allowed
    • including, in SELinux policy / How to do it…, How it works…
  • newrole command / How it works…
  • Normalized behavior / The role of the SELinux policy

O

  • one domain per application
    • about / Introduction
  • online research, service / Online research
  • open source virtual appliance providers
    • list / See also
  • Operations, logical architecture / The structural documentation
  • optional_policy statement
    • about / How it works…
  • order
    • processing / The order of processing
  • own interface
    • creating / Creating our own interface, How to do it…, How it works…
    • location, interface definitions / The location of the interface definitions
    • in-line documentation / The in-line documentation

P

  • ${POLICY_LOCATION} variable / How it works…
  • .pp files / Changes in interfaces
  • packet labeling
    • about / How it works...
  • path expressions / Path expressions
  • patterns
    • file contexts, defining through / Defining file contexts through patterns, How it works…, Path expressions, The order of processing, Context declaration
    • using / Patterns, There's more...
  • per-user web directories
    • URL / See also
  • Perl-Compatible Regular Expressions (PCRE) / Path expressions
  • permission issues
    • clarifying, strace used / How to do it…, How it works…
  • permissions
    • ignoring / Ignoring permissions we don't need, How it works…
  • policies
    • differentiating, based on use cases / Differentiating policies based on use cases, How it works…
  • policy
    • loading, into policy store / Loading a policy into the policy store, There's more...
    • testing / Testing and enhancing the policy, How it works…
    • enhancing / Testing and enhancing the policy, How it works…
    • role, defining / Defining a role in the policy
  • policy manipulation / Policy manipulation
  • policy source file
    • creating / The policy source file
  • polyinstantiated directories
    • enabling / Enabling polyinstantiated directories, How it works…, There's more...
  • positive policy decisions
    • logging / Logging positive policy decisions, How to do it…, How it works…
  • POSIX Capabilities & File POSIX Capabilities
    • URL / See also
  • privileges
    • documenting / Documenting common privileges, How to do it…, How it works…
    • granting, to all clients / Granting privileges to all clients, How to do it…, How it works…
  • processes / Processes
    • running, in new context / Running new processes in a new context, How it works…, There's more...

Q

  • qmgr process / Reducing exploit risks

R

  • ranged daemon domain, resource-sensitivity labels / Ranged daemon domain
  • read_file_perms / Patterns
  • Red Hat
    • URL / See also
  • reference policy API documentation
    • URL / See also
  • reference policy project
    • URL / See also, See also
  • refpolicy interfaces
    • calling / Calling refpolicy interfaces, How it works…
  • refpolicy naming convention
    • using / Using the refpolicy naming convention, How to do it…, There's more...
  • Remote_Host / There's more...
  • Request_Method / There's more...
  • Request_Protocol / There's more...
  • Request_URI / There's more...
  • resource-access interfaces
    • creating / Creating resource-access interfaces, How to do it…, How it works…
  • resource-sensitivity labels
    • setting / Setting resource-sensitivity labels, How to do it…, Full policy replacement, Constraints, See also
    • full policy replacement / Full policy replacement
    • ranged daemon domain / Ranged daemon domain
    • constraints / Constraints
  • resources
    • finding / Finding common resources, How to do it…
    • shared file locations / Shared file locations
    • user content / User content and customizable types, There's more...
    • customizable type / User content and customizable types, There's more...
  • resource types
    • selecting / Choosing resource types wisely, How to do it…
    • domain definitions / Domain definitions
    • logical resources / Logical resources
    • infrastructural resources / Infrastructural resources
  • restorecond / There's more...
  • restore file
    • about / Backing up and restoring files, How it works…
  • Reverse Polish Notation (RPN) / How it works…
  • role
    • creating / Creating a new role, How to do it…
    • defining, in policy / Defining a role in the policy
    • configuring / Initial role based on entry, How to do it…, How it works…
  • role, creating
    • role, defining in policy / Defining a role in the policy
    • role privileges, extending / Extending the role privileges
    • default types / Default types and default contexts
    • default contexts / Default types and default contexts
  • role-based access
    • group membership, using for / Using group membership for role-based access, How it works…
  • role-based access control / About SELinux
  • Role Based Access Control (RBAC) / How it works…
  • role management / Role management
  • role privileges
    • extending / Extending the role privileges
  • roles
    • about / Introduction
    • assigning, to users / Introduction
    • switching / Switching roles, How it works…
  • role transitions
    • defining / Defining role transitions, How it works…
  • runcon application / How it works…
  • runcon command / Running Apache with the right context
    • commands, running with / Running commands in a specified role with runcon, How it works…
  • run interface
    • creating / Creating exec, run, and transition interfaces, How to do it…, How it works…

S

  • sandbox environment, service / Sandbox environment
  • search pattern
    • selecting / Finding the right search pattern
  • SECMARK labeling
    • URL / See also
  • Security-related features, logical architecture / The structural documentation
  • Security Enhanced PostgreSQL (SEPostgreSQL) / Introduction
  • sefinddef function / How to do it…, How it works…
  • sefindif function / How to do it…, How it works…
  • SELinux
    • about / Introduction, About SELinux, Introduction
    • example / The example
    • analyzing / Identifying whether SELinux is to blame, How it works…
    • capabilities, using with / Configuring capabilities instead of setuid binaries, How it works…
    • cron, using with / Using cron with SELinux, How it works…, There's more…
  • SELinux-aware applications
    • chroot, used for / Using a different root location for SELinux-aware applications, How it works…
    • handling / Introduction
  • SELinux audit events
    • references / See also
  • SELinux constraints
    • overview / Looking through SELinux constraints, How to do it…, How it works…
    • references / See also
  • SELinux module
    • building / Building a simple SELinux module, Getting ready, How to do it…, How it works…, The binary policy module, There's more...
    • policy source file, creating / The policy source file
    • binary policy module, creating / The binary policy module
    • policy, loading into policy store / Loading a policy into the policy store, There's more...
  • SELinux policy
    • about / The role of the SELinux policy
    • Acceptable behavior / The role of the SELinux policy
    • Expected behavior / The role of the SELinux policy
    • Normalized behavior / The role of the SELinux policy
    • enhancing, with file transitions / Enhancing an SELinux policy with file transitions, Getting ready, How it works…
    • search pattern, selecting / Finding the right search pattern
    • patterns / Patterns, There's more...
    • neverallow statement, including in / How to do it…, How it works…
  • SELinux policy, storing
    • local/ / Creating the development environment
    • centralized/ / Creating the development environment
    • bin/ / Creating the development environment
  • SELinux Policy IDE (SLIDE)
    • about / Introduction
    • URL / Introduction
  • SELinux policy modules
    • distributing / Distributing SELinux policy modules, How it works…, MLS or not
    • interface changes / Changes in interfaces
    • kernel version changes / Kernel version changes
    • MLS-enabled system / MLS or not
    • MLS-disabled system / MLS or not
  • SELinux state
    • checking / Checking the SELinux state programmatically, How to do it…, How it works…
  • SELinux subsystem, code wise
    • interrogating / Interrogating the SELinux subsystem code-wise, How it works…, There's more...
  • SELinux userland configuration
    • querying, in C / Querying SELinux userland configuration in C, How it works…, There's more...
  • SELinux users
    • mapping / SELinux users and Linux user mappings
    • managing / Managing SELinux users, How to do it…, How it works…
    • Linux users, mapping to / Mapping Linux users to SELinux users, How to do it…
  • SELINUX_AVD_FLAGS_PERMISSIVE flag / How it works…
  • SELINUX_ERR messages
    • analyzing / Getting ready, How it works…
    • examples / How it works…
  • semanage boolean command / How it works...
  • semanage command / Getting ready
  • semanage export command / How it works…
  • semanage fcontext command / How it works…, How it works…
  • semodule command / The policy source file, Loading a policy into the policy store
  • sendmail command / Defining common helper domains
  • sensitivity categories
    • configuring / Configuring sensitivity categories, How to do it…, SELinux users and Linux user mappings, Running Apache with the right context
    • mcstrans file / The mcstrans and setrans.conf files
    • setrans.conf file / The mcstrans and setrans.conf files
    • SELinux users, mapping / SELinux users and Linux user mappings
    • Linux user, mapping / SELinux users and Linux user mappings
    • Apache, running with right context / Running Apache with the right context
  • sepolicy
    • about / There's more...
  • Server_Addr / There's more...
  • service
    • about / Understanding the service, How to do it…
    • online research / Online research
    • sandbox environment / Sandbox environment
    • structural documentation / The structural documentation, See also
  • service ownership
    • restricting / Restricting service ownership, How it works…
  • seshowdef function / How to do it…, How it works…
  • seshowif function / How it works…
  • setcon() method / There's more...
  • setexecfilecon() method / There's more...
  • setexec permission / How it works…
  • setfiles command / How it works…
  • setfscreatecon() method / There's more...
  • setrans.conf file / The mcstrans and setrans.conf files
  • setsebool command / How it works...
  • SFTP chroots
    • URL / See also
  • shared file locations / Shared file locations
  • shared memory / X11 and shared memory
  • skeleton policy
    • creating / Creating a skeleton policy, How to do it…, Type declarations, Managing files and directories, There's more...
    • type declarations / Type declarations
    • files, managing / Managing files and directories
    • directories, managing / Managing files and directories
    • X11 server / X11 and shared memory
    • shared memory / X11 and shared memory
    • network access / The network access
  • smtpd daemon / Reducing exploit risks
  • source address mapping
    • used, for deciding on contexts / Using source address mapping to decide on contexts, There's more...
  • ssh_sysadm_login / How it works…
  • strace
    • used, for clarifying permission issues / How to do it…, How it works…
    • using, against daemons / How to do it…, How it works…
    • reference / See also
  • stream-connect interface
    • creating / Creating a stream-connect interface
    • creating, for Unix domain socket with socket file / For a Unix domain socket with a socket file
    • creating, for abstract Unix domain socket / For an abstract Unix domain socket, How it works…
  • structural documentation, service / The structural documentation, See also
  • style guide, reference policy
    • URL / There's more...
  • substitution definitions
    • using / Using substitution definitions, How it works…, There's more...
  • sudo
    • commands, running with / Running commands in a specified role with sudo, How it works…
  • sudo application
    • URL / See also
  • sudo command / How it works…
  • sVirt
    • URL / See also
  • Sysdig
    • reference / See also
  • system behavior
    • auditing / Auditing system behavior, How it works…
  • SystemTap
    • reference / See also

T

  • tail command / Getting ready
  • targeted / Introduction
  • templates
    • used, for building application-specific domains / Building application-specific domains using templates, How it works…
  • tor / There's more...
  • transition interface
    • creating / Creating exec, run, and transition interfaces, How to do it…, How it works…
  • transitions / Type inheritance and transitions
  • Turnkey Linux
    • URL / See also
  • type declarations / Type declarations
  • type enforcement / About SELinux
  • type inheritance / Type inheritance and transitions
  • type transition / Enhancing an SELinux policy with file transitions

U

  • udev / There's more...
  • udev's SELinux integration
    • about / Understanding udev's SELinux integration, How it works…
  • Unix domain socket, with socket file
    • stream-connect interface, creating for / For a Unix domain socket with a socket file
  • use cases
    • policies, differentiating / Differentiating policies based on use cases, How it works…
  • User Based Access Control (UBAC)
    • about / Type declarations
  • user content / User content and customizable types, There's more...
    • sharing, with file ACLs / Sharing user content with file ACLs, How to do it…, How it works…, There's more...
  • user directory support
    • enabling / Enabling user directory support, How to do it…, There's more...
  • userdom_admin_user_template / Defining a role in the policy
  • userdom_base_user_template / Defining a role in the policy
  • userdom_common_user_template / Defining a role in the policy
  • userdom_login_user_template / Defining a role in the policy
  • userdom_restricted_user_template / Defining a role in the policy
  • userdom_unpriv_user_template / Defining a role in the policy
  • user method / How it works…
  • Users and rights, logical architecture / The structural documentation
  • user space object managers / Introduction

V

  • Vagrant
    • URL / See also
  • virtual hosts
    • separating, with mod_selinux / Separating virtual hosts with mod_selinux, How it works...

W

  • web applications
    • about / Introduction
  • web content types
    • assigning / Assigning web content types, How it works, There's more...
  • web server ports
    • using / Using different web server ports, How to do it…, How it works...

X

  • X11 server / X11 and shared memory
  • XDGBDS
    • URL / See also