Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Linux Security and Hardening

You're reading from   Mastering Linux Security and Hardening Protect your Linux systems from intruders, malware attacks, and other cyber threats

Arrow left icon
Product type Paperback
Published in Feb 2020
Publisher
ISBN-13 9781838981778
Length 666 pages
Edition 2nd Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Donald A. Tevault Donald A. Tevault
Author Profile Icon Donald A. Tevault
Donald A. Tevault
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Section 1: Setting up a Secure Linux System
2. Running Linux in a Virtual Environment FREE CHAPTER 3. Securing User Accounts 4. Securing Your Server with a Firewall - Part 1 5. Securing Your Server with a Firewall - Part 2 6. Encryption Technologies 7. SSH Hardening 8. Section 2: Mastering File and Directory Access Control (DAC)
9. Mastering Discretionary Access Control 10. Access Control Lists and Shared Directory Management 11. Section 3: Advanced System Hardening Techniques
12. Implementing Mandatory Access Control with SELinux and AppArmor 13. Kernel Hardening and Process Isolation 14. Scanning, Auditing, and Hardening 15. Logging and Log Security 16. Vulnerability Scanning and Intrusion Detection 17. Security Tips and Tricks for the Busy Bee 18. Assessments 19. Other Books You May Enjoy

Setting security contexts for files and directories

Think of SELinux as a glorified labeling system. It adds labels, known as security contexts, to files and directories through extended file attributes. It also adds the same type of label, known as domains, to system processes. To see these contexts and domains on your CentOS machines, use the -Z option with either ls or ps. For example, files and directories in my own home directory would look like the following:

[donnie@localhost ~]$ ls -Z
drwxrwxr-x. donnie donnie unconfined_u:object_r:user_home_t:s0 acl_demo_dir
-rw-rw-r--. donnie donnie unconfined_u:object_r:user_home_t:s0 yum_list.txt
[donnie@localhost ~]$

Processes on my system would look something like the following:

[donnie@localhost ~]$ ps -Z
LABEL PID TTY TIME CMD
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1322 pts/0 00:00...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image