eBook - ePub
SELinux System Administration - Second Edition
Sven Vermeulen
This is a test
Buch teilen
- 300 Seiten
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
SELinux System Administration - Second Edition
Sven Vermeulen
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
Ward off traditional security permissions and effectively secure your Linux systems with SELinuxAbout This Book• Leverage SELinux to improve the secure state of your Linux system• A clear approach to adopting SELinux within your organization • Essential skills and techniques to help further your system administration careerWho This Book Is ForThis book is for Linux administrators who want to control the secure state of their systems. It's packed with the latest information on SELinux operations and administrative procedures so you'll be able to further harden your system through mandatory access control (MAC) – a security strategy that has been shaping Linux security for years.What You Will Learn• Analyze SELinux events and selectively enable or disable SELinux enforcement• Manage Linux users and associate them with the right role and permission set• Secure network communications through SELinux access controls• Tune the full service flexibility by dynamically assigning resource labels • Handle SELinux access patterns enforced through the system• Query the SELinux policy in depthIn DetailDo you have the crucial job of protecting your private and company systems from malicious attacks and undefined application behavior? Are you looking to secure your Linux systems with improved access controls? Look no further, intrepid administrator! This book will show you how to enhance your system's secure state across Linux distributions, helping you keep application vulnerabilities at bay. This book covers the core SELinux concepts and shows you how to leverage SELinux to improve the protection measures of a Linux system. You will learn the SELinux fundamentals and all of SELinux's configuration handles including conditional policies, constraints, policy types, and audit capabilities. These topics are paired with genuine examples of situations and issues you may come across as an administrator. In addition, you will learn how to further harden the virtualization offering of both libvirt (sVirt) and Docker through SELinux. By the end of the book you will know how SELinux works and how you can tune it to meet your needs.Style and approachThis book offers a complete overview of SELinux administration and how it integrates with other components on a Linux system. It covers the majority of SELinux features with a mix of real life scenarios, descriptions, and examples. This book contains everything an administrator needs to customize SELinux.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist SELinux System Administration - Second Edition als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu SELinux System Administration - Second Edition von Sven Vermeulen im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Operating Systems. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
Information
SELinux System Administration - Second Edition
SELinux System Administration - Second Edition
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2013
Second edition: December 2016
Production reference: 1131216
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78712-695-4
www.packtpub.com
Credits
| Author Sven Vermeulen | Copy Editor Madhusudan Uchil |
| Reviewers David Quigley Sam Wilson | Project Coordinator Judie Jose |
| Commissioning Editor Kartikey Pandey | Proofreader Safis Editing |
| Acquisition Editor Namrata Patil | Indexer Pratik Shirodkar |
| Content Development Editor Amedh Gemraram Pohad | Graphics Kirk D'Penha |
| Technical Editors Vishal Kamal Mewada Khushbu Sutar | Production Coordinator Shantanu N. Zagade |
About the Author
Sven Vermeulen is a long-term contributor to various free software projects and the author of various online guides and resources. He got his first taste of free software in 1997 and never looked back. In 2003, he joined the ranks of the Gentoo Linux project as a documentation developer and has since worked in several roles, including Gentoo Foundation trustee, council member, project lead for various documentation initiatives, and (his current role) project lead for Gentoo Hardened SELinux integration and the system integrity project.
During this time, Sven gained expertise in several technologies, ranging from OS-level knowledge to application servers. He used his interest in security to guide his projects further in the areas of security guides using SCAP languages, mandatory access controls through SELinux, authentication with PAM, (application) firewalling, and more.
Within SELinux, Sven contributed several policies to the Reference Policy project, and he is an active participant in policy development and user space development projects.
In his daily job, Sven is an IT architect in a European financial institution as well as a self-employed solution engineer and consultant. The secure implementation of infrastructures (and the surrounding architectural integration) is, of course, an important part of this. Prior to this, he graduated with an MSc in computer engineering from Ghent University and MSc in ICT enterprise architecture from http://inno.com/, and he worked as a web application infrastructure engineer.
Sven is the main author of the Gentoo Handbook, which covers the installation and configuration of Gentoo Linux on several architectures. He also authored the Linux Sea online publication, which is a basic introduction to Linux for novice system administrators, and SELinux System Administration and SELinux Cookbook for Packt Publishing.
I would like to thank the open source / free software community for its never ending drive to create great software, documentation, artwork and services. It is through this drive that companies and organizations around the world are enjoying high quality services with all the freedom that this software provides. Specifically, I would like to thank the Gentoo community as it provides a great meta-distribution and operating system. The people I meet there are all greatly motivated, highly experienced and/or experts in particular fields. Being around in the community makes me eager to learn more.
About the Reviewers
David Quigley started his career as a computer systems researcher for the National Information Assurance Research Lab at the NSA, where he worked as a member of the SELinux team. David lead the design and implementation efforts to provide Labeled-NFS support for SELinux. David has previously contributed to the open source community through maintaining the Unionfs 1.0 code base and through code contributions to various other projects. David has presented at conferences such as the Ottawa Linux Symposium, the StorageSS workshop, LinuxCon, and several local Linux User Group meetings where presentation topics have included storage, file systems, and security. David currently works as a ZFS kernel engineer for the High Performance Data Division at Intel. He previously reviewed SELinux Cookbook, published by Packt publishing.
I would like to thank my wonderful wife, Kathy, for all she does to make sure I have the time to do things like review this book and travel to give presentations on SELinux. She is the joy of my life and has helped me become the man I am today. I'd also like to thank all my children past and present: Zoe Jane and Caroline, who remind us to love and cherish the time we have as a family.
Sam Wilson is a senior systems and security engineer with a newly acquired passion for radio hardware and a focus on Red Hat Enterprise Linux. Because of his extensive security knowledge spanning microservices, infrastructure, and SecOps, Sam is approached regularly for SELinux mentorship and advice across the organizations he collaborates and works with. Sam has been active in GNU/Linux communities since early 2007 and has volunteered his time for NTFreenet, Darwin Community Arts, Ansible, and the Fedora project.
More recently, Sam can be found being a cranky neckbeard at https://www.cycloptivity.net as well working with the Atlassian Security Intelligence team on visibility, operational security, and controls to support and protect Atlassian customers in the cloud.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print, and bookmark content
- On demand and accessible via a web browser
Preface
The secure state of an operating system or service is the result of a layered security approach. Systems can be shielded from the outside world through firewalls, operating systems have to be kept up to date with the latest security patches, services have to be configured properly, separation of duties has to be implemented for end users, and so forth.
Access controls are another layer that administrators have to look into. With Security Enhanced Linux (SELinux), the Linux ecosystem has a robust and established mandatory access control (MAC) system in place. Some distributions enable SELinux by default, others allow administrators to enab...