SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security module that provides the mandatory access control to increase the security of the system.
Chapter 1 : Fundamental SELinux Concepts
Security-Enhanced Linux (SELinux) is a kernel module that can be used to enhance the security of Linux. It provides a mechanism for supporting access control security policies, which are made up of rules that can be specified in terms of fine-grained object labels.
Labeling all resources and objects
Defining and distributing policies
Distinguishing between policies
Chapter 2 : SELinux Decisions and Logging
It has been developed to provide mandatory access control that could be applied to the entire operating system as well as individual processes, files, directories, etc.
Chapter 3 : Managing User Logins
User logins can be a major pain point for companies. Ensuring that the right person is logged in and maintaining security and privacy for the account owners can be difficult tasks.
User-oriented SELinux contexts
Chapter 4 : Using File Contexts and Process Domains
File contexts are used to categorize the characteristics of a file itself. Process domains are used to categorize the processes that can be used to produce or manipulate a given file.
Introduction to SELinux file contexts
SELinux file context expressions
Limiting the scope of transitions
Types, permissions, and constraints
Chapter 5 : Controlling Network Communications
Network communication is a very important aspect of a computer system. It allows the user to access information from a remote location.
Controlling process communications
Linux firewalling and SECMARK support
Securing high-speed InfiniBand networks
Understanding labeled networking
Using labeled IPsec with SELinux
Supporting CIPSO with NetLabel and SELinux
Chapter 6 : SELinux through Infrastructure-as-Code
Infrastructure-as-Code is a software development methodology that defines and manages the process of infrastructure through its code. It allows for better automation, monitoring and integration with other systems.
Introducing the target settings and policies
Using Ansible for SELinux system administration
Utilizing SaltStack to configure SELinux
Automating system management with Puppet
Wielding Chef for system automation
Chapter 7 : Application-Specific SELinux Controls
SELinux controls provide a unique approach to security. The SELinux process starts when the kernel loads the policy, which determines how processes are handled in three different contexts: user, role, and domain.
Tuning systemd services, logging, and device management
Chapter 8 : Extending PostgreSQL with SELinux
PostgresSQL can be extended by integrating it with SELinux to provide security features which are not found in other databases.
Introducing PostgreSQL and sepgsql
SELinux’s database-specific object classes and permissions
Integrating SEPostgreSQL into the network
Chapter 9 : Secure Virtualization
Virtualization is a process of abstracting physical resources to create and manage virtual computers and their resources in a virtualized environment.
Understanding SELinux-secured virtualization
Enhancing libvirt with SELinux support
Chapter 10 : Using Xen Security Modules with FLASK
Xen Security Modules are a crucial part of the security for Xen virtualization. The Flask security architecture offers three levels of authorization: access, privilege and control.
Chapter 11 : Security of Containerized Workloads
Containers are a type of technology that packages an application with all of its dependencies in a single package. Containers allow developers to isolate their applications from one another in order to avoid conflicts and dependency issues.
SELinux with systemd’s container support
Chapter 12 : Tuning SELinux Policies
SELinux is a kernel module that implements access control security policies, including what actions each process can perform, based on the identity of the subjects. SELinux operates as a mandatory access control security module.
Replacing and updating policies
Chapter 13 : Analyzing Policy Behavior
SELinux is a protection system, which uses access control mechanisms in order to ensure that trusted applications are only able to access the data that they need and nothing more.
Performing single-step analysis
Investigating domain transitions
Chapter 14 : Dealing with New Applications
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies and allows for separation and confinement of processes.
Running applications without restrictions
Assigning common policies to new applications
Chapter 15 : Using the Reference Policy
The SELinux Reference Policy is a type of policy that provides a reference for Linux system administrators who are responsible for configuring their systems. It is not recommended to use the Reference Policy as the single source of truth.
Introducing the reference policy
Creating application-level policies
Getting help with supporting tools
Chapter 16 : Developing Policies with SELinux CIL
One way SELinux CIL can be used in the workforce is by creating policies for a given domain. The goal of this section will be to develop a policy for the domain that we have selected – “Non-sensitive data.”
Creating fine-grained definitions
Building complete application policies
Kumar Satish started his career as a Unix and Linux System Engineer in 2011. Kumar has professiona experience with CentOS, RedHat, Ubuntu, and Debian. He enjoys teaching others how to use and exploit the power of the Linux operating system.