Students will gain hands-on experience working with SELinux modes, virtualization, and container security. The core of the course is learning and understanding SELinux policy through choosing, managing, and studying policy examples. Once students understand SELinux policy, the course covers writing policy modules. The course is capped with multiple discussions of case studies that explore building SELinux policies. The course also covers one of the major challenges of administering SELinux: troubleshooting.
Module 1: COMPUTING SECURITY & SELINUX OVERVIEW
- Security Threats
- Network and Host Protection
- Shortcomings of Traditional Unix Security
- DAC vs. MAC
- SELinux Goals
- SELinux Evolution
- SELinux Features and Limitations
- SELinux Contexts
- Labels
- Access Decisions
- Transition Decisions: Processes
- SELinux Example
Module 2: WORKING WITH SELINUX
- SELinux Modes
- Gathering SELinux Information
- SELinux Virtual Filesystem
- Core Commands and SELinux
- SELinux Management Utilities
- Context and File Operations
- Managing File Context Database
- Managing Contexts
- Booleans
- SELinux Mount Options
- Virtualization Security
- Container Security
- Securing Networked Services
- Managing Port Contexts
Module 3: POLICIES
- The SELinux Policy
- Choosing an SELinux Policy
- Policy Layout
- Examining Policy
- Managing Policies
- Targeted Policy
- Targeted Policy Example: Apache
- Targeted Policy Example: Other Contexts
- Minimum Policy
- MLS Policy Overview
- MCS Translation
- Polyinstantiated Directories
Module 4: USERS & ROLES
- Overview of Roles
- Roles
- User Mappings
- Kiosk User (xguest)
- Controlling Application Execution
Module 5: TROUBLESHOOTING SELINUX
- Access Denied. Now what?
- AVC Denied Examples
- Incorrect File Context
- Permissive Domains
- Using audit2allow
Module 6: WRITING POLICY MODULES
- SELinux Policy Tools
- SELinux Policy Source
- Reference Policy Source Exploration
- Process Transitions
- Object classes
- Policy Macros
- Creating Booleans
- Using Booleans in Policies
- Other Policy Commands
- Writing Policy Modules
Module 7: CASE STUDY: SECURING AN APPLICATION LAB TASKS
- SELinux Policy Building: Case Study 1
Module 8: CASE STUDY: SECURING AN APPLICATION LAB TASKS
- SELinux Policy Building: Case Study 2
The Linux Fundamentals and Enterprise Linux Systems Administration courses are prerequisites for this course.