ISBN-10: 0131963694
ISBN-13: 9780131963696
Publisher: Prentice Hall
Copyright: 2007
Format: Paper; 456 pp
Published: 07/27/2006
Suggested retail price: $44.99
Buy from myPearsonStore
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel—and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions—it’s easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies— including the powerful new Reference Policy—showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
• Thoroughly understand SELinux’s access control and security mechanisms
• Use SELinux to construct secure systems from the ground up
• Gain fine-grained control over kernel resources
• Write policy statements for type enforcement, roles, users, and constraints
• Use optional multilevel security to enforce information classification and manage users with diverse clearances
• Create conditional policies that can be changed on-the-fly
• Define, manage, and maintain SELinux security policies
• Develop and write new SELinux security policy modules
• Leverage emerging SELinux technologies to gain even greater flexibility
• Effectively administer any SELinux system
An overview to the concepts and architecture of the NSA's SELinux, with its advanced security and control.
- Develope a deep understanding of SELinux, and learn to effectively use SELinux.
- Explore tools and techniques for writing effective SELinux policies.
- Understand how to use SELinux to build secure systems.
Front Matter i
Preface xix
Chapter 1: Background 3
Chapter 2: Concepts 15
Chapter 3: Architecture 39
Chapter 4: Object Classes and Permissions 59
Chapter 5: Type Enforcement 89
Chapter 6: Roles and Users 129
Chapter 7: Constraints 149
Chapyer 8: Multilevel Security 163
Chapter 9: Conditional Policies 183
Chapter 10: Object Labeling 205
Chapter 11: Original Example Policy 239
Chapter 12: Reference Policy 265
Chapter 13: Managing an SELinux System 295
Chapter 14: Writing Policy Modules 325
Appendix A: Obtaining SELinux Sample Policies 363
Appendix B: Participation and Further Information 369
Appendix C: Object Classes and Permissions 375
Appendix D: SELinux Commands and Utilities 401
Index 409
"The three authors are well versed in the topic and comprise the best team to write on SELinux that you could find. Even though it is written as a straightforward text - as opposed to a study guide - I appreciate how each chapter ends with a summary and then exercises to reinforce what you've just finished reading. "--Emmett Dulaney, Editor, UnixReview.com
"This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you. "--Ryan Maple, Reviewer, LinuxSecurity.com
Frank Mayer is cofounder and Chief Technology Officer of Tresys Technology, and has 23 years of experience in the design, development, and analysis of secure operating systems. He has been an active contributor to SELinux for six years, and has initiated and participated in the development of many new SELinux innovations and tools. He also chairs the annual SELinux Symposium. Frank has published many papers on secure and trustworthy operating systems, and has also explored security in parallel computing, networks, and enterprise applications.
Karl MacMillan is an active contributor in the SELinux community and has led the development of many important SELinux features. He is also a sought after speaker and consultant, and has helped many individuals and organizations understand and apply strong computer security with SELinux. Previous to his work on SELinux, Karl made important contributions in the fields of pattern recognition and evolutionary computing as applied to document and audio recognition, where he has numerous published papers.
David Caplan is a senior security engineer at Tresys Technology with over 20 years of experience in computer security and a wide range of other programming- and software-related areas. He has worked with SELinux for six years as a contributor to many of the SELinux-related open source projects and has led multiple efforts in analyzing and constructing SELinux policy for a variety of systems.
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel—and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions—it’s easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies— including the powerful new Reference Policy—showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
• Thoroughly understand SELinux’s access control and security mechanisms
• Use SELinux to construct secure systems from the ground up
• Gain fine-grained control over kernel resources
• Write policy statements for type enforcement, roles, users, and constraints
• Use optional multilevel security to enforce information classification and manage users with diverse clearances
• Create conditional policies that can be changed on-the-fly
• Define, manage, and maintain SELinux security policies
• Develop and write new SELinux security policy modules
• Leverage emerging SELinux technologies to gain even greater flexibility
• Effectively administer any SELinux system
Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.
Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.