Mastering Security-Enhanced Linux (SELinux)

Mastering Security-Enhanced Linux (SELinux)

by Sander van Vugt
Released September 2023
Publisher(s): Pearson
ISBN: 0138282692

Watch it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

5+ Hours of Video Instruction

Everything you’ll ever need to know about SELinux!

Overview:

Mastering Security-Enhanced Linux (SELinux) is your full training to understand and use SELinux. SELinux is a valuable addition to the standard Linux security options that makes your Linux distribution secure. The course starts with the basics of SELinux and goes deeper into more advanced topics like SELinux and Multi-Level Security or (MLS) and Multi-Category Security (MCS) and managing SELinux with Ansible. It also has in-depth coverage about SELinux in containerized environments. It has labs throughout so you can see SELinux in real time and practice as you learn.

Main features of the course are:

  • Understand when SELinux and how it is needed
  • Learn how to troubleshoot problems occurring because of SELinux
  • Make your application work with SELinux
  • Implement military grade security using SELinux MLS and MCS

This course is also a full resource for learners who want to thoroughly understand SELinux while preparing for any Red Hat Enterprise Linux related exam, as well as application developers and administrators who want to over the highest possible level of security by using SELinux.

Related Learning:

Sign up for live training classes by Sander van Vugt:

Topics included in this course:

  • SELinux Fundamentals covers basic concepts like mandatory access control, how to enable SELinux, understanding context labels, managing context labels and how to use Booleans.
  • Analyzing SELinux teaches how to analyze SELinux by covering troubleshooting and showing how to analyze Booleans and rules.
  • Using Custom Applications with SELinux shows custom applications with SELinux and covers working with SELinux modules, and how to make any application work with SELinux.
  • Military Grade Security with SELinux users and MLS offers three lessons about the best kind of protection and security that SELinux has to offer. It covers how SELinux can be used in military organization and covers topics of SELinux users, how to manage multi-level security and how to use multi-category security.
  • Configuring SELinux for containers explains how to make a containerized environment absolutely secure by adding SELinux.
  • Managing SELinux with Ansible covers how to secure containers with SELinux, and how to manage SELinux with Ansible.

About the Instructor:

Sander van Vugt has many years of experience working with, writing about, and teaching Linux and Open-Source topics. He is the author of the best-selling Red Hat RHCSA and RHCE Cert Guides as well as a number of other titles on Kubernetes (including CKAD and CKA), Ansible, Containers, Bash, Microservices, and more. Sander also works as a Linux and DevOps instructor, teaching onsite and online classes for customers around the world.

Skill Level:

  • Beginner

Learn How To:

  • Understand SELinux
  • Monitor SELinux behavior
  • Manage SELinux Context Labels
  • Manage SELinux Booleans
  • Troubleshoot SELinux
  • Create SELinux Policy Modules
  • Secure Containers with SELinux
  • Make Any Application work with SELinux

Course requirement:

  • Install and configure a lab environment. This can be a Linux virtual machine that runs in virtualization software on the participants own computer, using software like VMware Workstation or Oracle VirtualBox, or on a dedicated computer. https://learning.oreilly.com/videos/red-hat-certified/9780134723990/
  • Install a virtual or physical machine with a recent version of either Red Hat Enterprise Linux, CentOS Stream, Rocky Linux or Fedora.

Who Should Take This Course:

  • DevOps Engineers
  • DevSecOps Engineers
  • Software Developers
  • IT Administrators
  • IT Architects
  • Hybrid Cloud Administrators
  • Students preparing for any Red Hat exam

About Pearson Video Training:

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. Mastering Security-Enhanced Linux (SELinux): Introduction
  2. Module 1: SELinux Fundamentals
    1. Module introduction
  3. Lesson 1: Mandatory Access Control
    1. Learning objectives
    2. 1.1 Working of SELinux
    3. 1.2 Requiring Mandatory Access Control
    4. 1.3 Understanding SELinux and Discretionary Access Control
    5. Lesson 1 Lab Exploring SELinux Settings
    6. Lesson 1 Lab Solution Exploring SELinux Settings
  4. Lesson 2: Enabling SELinux
    1. Learning objectives
    2. 2.1 Managing States and Modes on Red Hat
    3. 2.2 Installing SELinux on Ubuntu
    4. 2.3 Understanding Policies
    5. Lesson 2 Lab Managing SELinux States
    6. Lesson 2 Lab Solution Managing SELinux States
  5. Lesson 3: Understanding Context Labels
    1. Learning objectives
    2. 3.1 Showing Context Labels
    3. 3.2 Understanding When to Set Context labels
    4. 3.3 Using the audit.log to Examine Issues
    5. 3.4 Understanding Context Inheritance
    6. Lesson 3 Lab Examining SELinux events
    7. Lesson 3 Lab Solution Examining SELinux events
  6. Lesson 4: Managing Context Labels
    1. Learning objectives
    2. 4.1 Finding the Right Context
    3. 4.2 Setting Context on Files
    4. 4.3 Setting Context on Ports
    5. 4.4 Using Customizable Types
    6. 4.5 Configuring a Non-default Apache DocumentRoot
    7. Lesson 4 Lab Running SSH on Port 443
    8. Lesson 4 Lab Solution Running SSH on Port 443
  7. Lesson 5: Using Booleans
    1. Learning objectives
    2. 5.1 Understanding Booleans
    3. 5.2 Using Booleans
    4. 5.3 Finding Booleans
    5. Lesson 5 Lab Configuring vsftpd for Anonymous Uploads
    6. Lesson 5 Lab Solution Configuring vsftpd for Anonymous Uploads
  8. Module 2: Analyzing SELinux
    1. Module introduction
  9. Lesson 6: Troubleshooting SELinux
    1. Learning objectives
    2. 6.1 Troubleshooting SELinux Issues
    3. 6.2 Understanding the Audit Logs
    4. 6.3 Understanding Dontaudit Rules
    5. 6.4 Using audit2allow
    6. 6.5 Using sealert
    7. 6.6 Loading SELinux Manually
    8. Lesson 6 Lab Troubleshooting SELinux
    9. Lesson 6 Lab Solution Troubleshooting SELinux
  10. Lesson 7: Analysing Booleans and Rules
    1. Learning objectives
    2. 7.1 Analyzing the Policy
    3. 7.2 Terminology
    4. 7.3 Using sesearch
    5. 7.4 Using seinfo
    6. 7.5 Finding What a Domain can Do
    7. 7.6 Analyzing Booleans
    8. 7.7 Analyzing Transition Rules
    9. Lesson 7 Lab Investigating Booleans
    10. Lesson 7 Lab Solution Investigating Booleans
  11. Module 3: Using Custom Applications with SELinux
    1. Module introduction
  12. Lesson 8: SELinux Modules
    1. Learning objectives
    2. 8.1 Managing Modules
    3. 8.2 Writing Custom Modules
    4. 8.3 Generating Custom Modules
    5. Lesson 8 Lab Enabling your Application with Modules
    6. Lesson 8 Lab Solution Enabling your Application with Modules
  13. Lesson 9: Making Any Application work with SELinux
    1. Learning objectives
    2. 9.1 Understanding Options for Running Custom Applications
    3. 9.2 Using Unconfined Domains
    4. 9.3 Using run-on to Run Applications with a Specific Context
    5. 9.4 Using sepolgen to generate Application Policy Modules
    6. Lesson 9 Lab Running any Application on an SELinux System
    7. Lesson 9 Lab Solution Running any Application on an SELinux System
  14. Module 4: Military Grade Security with SELinux users and MLS
    1. Module introduction
  15. Lesson 10: SELinux Users
    1. Learning objectives
    2. 10.1 Understanding Users and Roles
    3. 10.2 Mapping Linux Users to SELinux Users
    4. 10.3 Using Booleans to Manage SELinux Users
    5. 10.4 Restricting Root
    6. Lesson 10 Lab Creating a Kiosk User
    7. Lesson 10 Lab Solution Creating a Kiosk User
  16. Lesson 11: Using Multi-Level Security (MLS)
    1. Learning objectives
    2. 11.1 Understanding MLS and MCS
    3. 11.2 Enabling an MLS Policy
    4. 11.3 Creating a user with a Clearance Level
    5. 11.4 Understanding What Needs to be done on Directories
    6. Lesson 11 Lab Using MLS
    7. Lesson 11 Lab Solution Using MLS
  17. Lesson 12: Using Multi-Category Security (MCS)
    1. Learning objectives
    2. 12.1 Understanding MCS
    3. 12.2 Grouping Users and Applications with MCS
    4. 12.3 Combining MLS and MCS
    5. Lesson 12 Lab Configuring MCS
    6. Lesson 12 Lab Solution Configuring MCS
  18. Module 5: SELinux, Containers, and Ansible
    1. Module introduction
  19. Lesson 13: SELinux and Containers
    1. Learning objectives
    2. 13.1 Understanding Container SELinux Needs
    3. 13.2 Configuring Container Storage Access
    4. 13.3 Using udica to Configure Container Access
    5. Lesson 13 Lab Configuring SELinux for Containers
    6. Lesson 13 Lab Solution Configuring SELinux for Containers
  20. Lesson 14: Using Ansible to Manage SELinux
    1. Learning objectives
    2. 14.1 Using SELinux Ansible modules
    3. 14.2 Using the RHEL System Role to Manage SELinux
    4. Lesson 14 Lab Using Ansible to manage SELinux
    5. Lesson 14 Lab Solution Using Ansible to manage SELinux
  21. Summary
    1. Mastering Security-Enhanced Linux (SELinux): Summary

Product information

  • Title: Mastering Security-Enhanced Linux (SELinux)
  • Author(s): Sander van Vugt
  • Release date: September 2023
  • Publisher(s): Pearson
  • ISBN: 0138282692