-
Products
JBoss Enterprise Middleware
Developer Studio Portfolio Edition Web Framework Kit Application Platform Web Server Data Grid Portal Platform Red Hat JBoss A-MQ Red Hat JBoss Fuse SOA Platform Business Rules Management System (BRMS) Data Services Platform Messaging JBoss Operations Network JBoss Community or JBoss enterprise -
Solutions
Migration Center
Solaris to Red Hat Enterprise Linux Migration overview Migrate from your UNIX platform How to migrate to Red Hat Enterprise Linux Upgrade to the latest Red Hat Enterprise Linux release JBoss Enterprise Middleware Benefits of migrating to Red Hat Enterprise Linux Migration services Start a conversation with Red Hat -
Training
Red Hat Enterprise SELinux Policy Administration (RHS429) outline
Skills required for SELinux policy writing
Introduction to SELinux
- Discretionary access control vs. mandatory access control
- SELinux history and architecture overview
- Elements of the SELinux security model: user identity and role; domain and type; sensitivity and categories; security context
- SELinux policy and Red Hat's targeted policy
- Configuring policy with Booleans
- Archiving
- Setting and displaying extended attributes
Using SELinux
- Controlling SELinux
- File contexts
- Relabeling files and file systems
- Mount options
The Red Hat targeted policy
- Identifying and toggling protected services
- Apache security contexts and configuration Booleans
- Name service contexts and configuration Booleans
- NIS client contexts
- Other services
- File context for special directory trees
- Troubleshooting and avc denial messages
- SE troubleshooting and logging
Introduction to policies
- Policy overview and organization
- Compiling and loading the monolithic policy and policy modules
- Policy type enforcement module syntax
- Object classes
- Domain transition
Policy utilities
- Tools available for manipulating and analyzing policies: apol, seaudit and seaudit_report, checkpolicy, sepcut, sesearch, sestatus, audit2allow and audit2why, sealert, avcstat, seinfo, semanage and semodule, man pages
User and role security
- Role-based access control
- Multicategory security
- Defining a security administrator
- Multilevel security
- The strict policy
- User identification and declaration
- Role identification and declaration
- Roles in use in transitions
- Role dominance
Anatomy of a policy
- Policy macros
- Type attributes and aliases
- Type transitions
- When and how files get labeled
- restorecond
- Customizable types
Manipulating policies
- Installing and compiling policies
- The policy language
- Access vector
- SELinux logs
- Security Identifiers - SIDs
- File-system labeling behavior
- Context on network objects
- Creating and using new Booleans
- Manipulating policy by example
- Macros
- Enableaudit
Project
- Best practices
- Creating file contexts, types, and typealiases
- Editing and creating network contexts
- Editing and creating domains
Note: Course outline is subject to change with technology advances and as the nature of the underlying job evolves. For questions or confirmation on a specific objective or topic, please contact a training specialist via the web or at 1-866-626-2994.
