Red Hat Enterprise SELinux Policy Administration (RHS429)
Skills required for SELinux policy writing
Introduction to SELinux
- Discretionary access control vs. mandatory access control
- SELinux history and architecture overview
- Elements of the SELinux security model: user identity and role; domain and type; sensitivity and categories; security context
- SELinux policy and Red Hat's targeted policy
- Configuring policy with booleans
- Archiving
- Setting and displaying extended attributes
Using SELinux
- Controlling SELinux
- File contexts
- Relabeling files and file systems
- Mount options
The Red Hat targeted policy
- Identifying and toggling protected services
- Apache security contexts and configuration booleans
- Name service contexts and configuration booleans
- NIS client contexts
- Other services
- File context for special directory trees
- Troubleshooting and AVC denial messages
- SE troubleshooting and logging
Introduction to policies
- Policy overview and organization
- Compiling and loading the monolithic policy and policy modules
- Policy type enforcement module syntax
- Object classes
- Domain transition
Policy utilities
- Tools available for manipulating and analyzing policies: apol, seaudit and seaudit_report, checkpolicy, sepcut, sesearch, sestatus, audit2allow and audit2why, sealert, avcstat, seinfo, semanage and semodule, man pages
User and role security
- Role-based access control
- Multicategory security
- Defining a security administrator
- Multilevel security
- The strict policy
- User identification and declaration
- Role identification and declaration
- Roles in use in transitions
- Role dominance
Anatomy of a policy
- Policy macros
- Type attributes and aliases
- Type transitions
- When and how files get labeled
- restorecond
- Customizable types
Manipulating policies
- Installing and compiling policies
- The policy language
- Access vector
- SELinux logs
- Security Identifiers - SIDs
- File system labeling behavior
- Context on network objects
- Creating and using new booleans
- Manipulating policy by example
- Macros
- Enableaudit
Project
- Best practices
- Create file contexts, types, and typealiases
- Edit and create network contexts
- Edit and create domains
Note: Course outline is subject to change with technology advances and as the nature of the underlying job evolves. For questions or confirmation on a specific objective or topic, please contact a training specialist.











