SELinux 8hours

Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Sed molestie, velit ut eleifend sollicitudin, neque orci tempor nulla, id sagittis nisi ante nec arcu.

Chapter 1 : Fundamental SELinux Concepts

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Security for Linux

Labeling all resources and objects

Defining and distributing policies

Distinguishing between policies

Questions

45min.

Chapter 2 : SELinux Decisions and Logging

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Switching SELinux on and off

SELinux logging and auditing

Getting help with denials

Questions

45min.

Chapter 3 : Managing User Logins

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

User-oriented SELinux contexts

SELinux users and roles

Handling SELinux roles

SELinux and PAM

Questions

45min.

Chapter 4 : Using File Contexts and Process Domains

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Introduction to SELinux file contexts

Keeping or ignoring contexts

SELinux file context expressions

Modifying file contexts

The context of a process

Limiting the scope of transitions

Types, permissions, and constraints

Questions

45min.

Chapter 5 : Controlling Network Communications

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Controlling process communications

Linux firewalling and SECMARK support

Securing high-speed InfiniBand networks

Understanding labeled networking

Using labeled IPsec with SELinux

Supporting CIPSO with NetLabel and SELinux

Questions

45min.

Chapter 6 : SELinux through Infrastructure-as-Code

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Introducing the target settings and policies

Using Ansible for SELinux system administration

Utilizing SaltStack to configure SELinux

Automating system management with Puppet

Wielding Chef for system automation

Questions

45min.

Chapter 7 : Application-Specific SELinux Controls

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Tuning systemd services, logging, and device management

Communicating over D-Bus

Configuring PAM services

Using mod_selinux with Apache

Questions

45min.

Chapter 8 : Extending PostgreSQL with SELinux

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Introducing PostgreSQL and sepgsql

SELinux’s database-specific object classes and permissions

Using MCS and MLS

Integrating SEPostgreSQL into the network

Questions

45min.

Chapter 9 : Secure Virtualization

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Understanding SELinux-secured virtualization

Enhancing libvirt with SELinux support

Using Vagrant with libvirt

Questions

45min.

Chapter 10 : Using Xen Security Modules with FLASK

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Understanding Xen and XSM

Running XSM-enabled Xen

Applying custom XSM policies

Questions

45min.

Chapter 11 : Security of Containerized Workloads

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

SELinux with systemd’s container support

Configuring podman

Kubernetes’ SELinux support

Questions

45min.

Chapter 12 : Tuning SELinux Policies

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Working with SELinux booleans

Handling policy modules

Replacing and updating policies

Questions

45min.

Chapter 13 : Analyzing Policy Behavior

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Performing single-step analysis

Investigating domain transitions

Analyzing information flow

Comparing policies

Questions

45min.

Chapter 14 : Dealing with New Applications

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Running applications without restrictions

Using sandboxed applications

Assigning common policies to new applications

Extending generated policies

Questions

45min.

Chapter 15 : Using the Reference Policy

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Introducing the reference policy

Using the policy macros

Creating application-level policies

Adding user-level policies

Getting help with supporting tools

Questions

45min.

Chapter 16 : Developing Policies with SELinux CIL

Duis egestas aliquet aliquet. Maecenas erat eros, fringilla et leo eget, viverra pretium nulla. Quisque sed augue tincidunt, posuere dui tempor, dapibus nisi. Donec vel lectus sapien.

Introducing CIL

Creating fine-grained definitions

Building complete application policies

Questions

45min.

Satish Kumar

Kumar Satish

Instructor

Kumar Satish started his career as a Unix and Linux System Engineer in 2011. Kumar has professiona experience with CentOS, RedHat, Ubuntu, and Debian. He enjoys teaching others how to use and exploit the power of the Linux operating system.