- ホーム
- > 洋書
- > 英文書
- > Computer / Operating Systems
Full Description
The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source.SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.The key, of course, lies in the words properly administered. A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:
A readable and concrete explanation of SELinux concepts and the SELinux security model
Installation instructions for numerous distributions
Basic system and user administration
A detailed dissection of the SELinux policy language
Examples and guidelines for altering and adding policies
With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.
Contents
Preface; 1. Introducing SELinux; Software Threats and the Internet; SELinux Features; Applications of SELinux; SELinux History; Web and FTP Sites; 2. Overview of the SELinux Security Model; Subjects and Objects; Security Contexts; Transient and Persistent Objects; Access Decisions; Transition Decisions SELinux Architecture; 3. Installing and Initially Configuring SELinux; SELinux Versions; Installing SELinux; Linux Distributions Supporting SELinux; Installation Overview; Installing SELinux from Binary or Source Packages; Installing from Source; 4. Using and Administering SELinux; System Modes and SELinux Tuning; Controlling SELinux; Routine SELinux System Use and Administration; Monitoring SELinux; Troubleshooting SELinux 5. SELinux Policy and Policy Language Overview; The SELinux Policy Two Forms of an SELinux Policy; Anatomy of a Simple SELinux Policy Domain; SELinux Policy Structure; 6. Role-Based Access Control The SELinux Role-Based Access Control Model; Railroad Diagrams SELinux Policy Syntax; User Declarations; Role-Based Access Control Declarations; 7. Type Enforcement; The SELinux Type-Enforcement Model; Review of SELinux Policy Syntax; Type-Enforcement Declarations; Examining a Sample Policy; 8. Ancillary Policy Statements; Constraint Declarations; Other Context-Related Declarations; Flask-Related Declarations 9. Customizing SELinux Policies; The SELinux Policy Source Tree On the Topics of Difficulty and Discretion; Using the SELinux Makefile; Creating an SELinux User; Customizing Roles Adding Permissions; Allowing a User Access to an Existing Domain Creating a New Domain; Using Audit2allow; Policy Management Tools; The Road Ahead; A. Security Object Classes; B. SELinux Operations; C. SELinux Macros Defined in src/policy/macros D. SELinux General Types; E. SELinux Type Attributes; Index
