LinuxCBT SELinux Edition d3x (Size: 773.78 MB)
Description
Focus: Security Enhanced Linux
Duration: 10 Hours
Course Objective
SELinux Security - Module IV

Access Control Models
- Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
- Explain features & shortcomings of Discretionary Access Control (DAC) models
- Identify key DAC-based utilities
- Discuss the advantages & caveats of Mandatory Access Control (MAC) models
- Explore DAC-based programs

SELinux - Basics
- Discuss subjects & objects
- Explain how SELinux is implemented in 2.6.x-based kernels
- Confirm SELinux support in the kernel
- Identify key SELinux packages
- Use sestatus to obtain the current SELinux mode
- Discuss subject & object labeling
- Describe the 3 SELinux operating modes
- Identify key utilities & files, which dictate the current SELinux operating mode
- Focus on the features of SELinux permissive mode
- Explore the boot process as it relates to SELinux

SELinux - Object Labeling
- Discuss subject & object labeling
- Discuss the role of extended attributes (XATTRs)
- Expose the labels of specific objects
- Alter the labels of specific objects
- Configure SELinux to automatically label objects per security policy
- Reset the system and confirm labels on altered objects
- Explain security tuples
- Use fixfiles to restore object labels on running system per security policy

SELinux - Type Contexts - Security Labels Applied to Objects
- Intro to object security tuples - security labels
- Attempt to serve HTML content using Apache in SELinux enforcing mode
- Identify problematic object security labels
- Serve HTML content in SELinux permissive mode
- Use chcon to alter object security labels
- Switch to enforcing mode & confirm the ability to serve HTML content
- Use restorecon to restore object security context (labels)

SELinux - Basic Commands - Type & Domain Exposition
- ps - reveal subjects' security context (security label) - Domains
- ls - reveal objects' security label - Types
- cp - preserve/inherit security labels
- mv - preserve security labels
- id - expose subject security label

SELinux - Targeted Policy - Binary
- Explain the Targeted Policy's features
- Discuss policy transitions for domains
- Compare & contrast confined & unconfined states
- Exempt Apache daemon from the auspices of the targeted policy's confined state
- Evaluate results after exemption
- Explain the security contexts applied to subjects & objects
- Peruse key targeted binary policy files
- Identify the daemons protected by the targeted policy
- Discuss the unconfined_t domain - subject label

SELinux - Targeted Policy - Source
- Install the targeted policy source files
- Identify & discuss TE and FC files
- Explore file_contexts - context definition for objects
- Discuss the file context syntax
- Explain the purpose of using run_init to initiate SELinux-protected daemons
- Switch between permissive & enforcing modes and evaluate behavior
- Peruse the key files in the targeted source policy

SELinux - Miscellaneous Utilities - Logging
- Use tar to archive SELinux-protected objects
- Confirm security labels on tar-archived objects
- Use the tar substitute 'star' to archive extended attributes (XATTRs)
- Confirm security labels on star-archived objects
- Discuss the role of the AVC
- Examine SELinux logs - /var/log/messages
- Alter Syslog configuration to route SELinux messages to an ideal location
- Use SETools, shell-based programs to output real-time statistics
- Install & use SEAudit graphical SELinux log-management tool

SELinux - RedHat® Enterprise 5.x - Exploration
- Explore configuration & key utilities
- Transition from 'disabled' to 'permissive' mode
- Focus on Apache web server behavior
- Enable UserDir functionality & test content access
- Transition to 'enforcing' mode
- Examine Apache behavior in restricted environment
- Adjust SELinux directives
- Evaluate results

SELinux - Network Ports - Service Restrictions
- Explore standard behavior
- Configure new application bindings
- Examine SELinux intervention
- Rectify SELinux configuration for multiple services
- Evaluate results