Op werkdagen voor 23:00 besteld, morgen in huis Gratis verzending vanaf €20

SELinux

NSA's Open source Security Enhanced Linux

Paperback Engels 2005 1e druk 9780596007164
Verwachte levertijd ongeveer 16 werkdagen

Samenvatting

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE-all of it free and open source.

SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days-when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.

The key, of course, lies in the words 'properly administered.' A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book.

Topics include:
- A readable and concrete explanation of SELinux concepts and the SELinux security model
- Installation instructions for numerous distributions
- Basic system and user administration
- A detailed dissection of the SELinux policy language
- Examples and guidelines for altering and adding policies

With 'SELinux' a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system-and who doesn't?-this book provides the means.

Specificaties

ISBN13:9780596007164
Taal:Engels
Bindwijze:paperback
Aantal pagina's:238
Uitgever:O'Reilly
Druk:1
Hoofdrubriek:IT-management / ICT

Lezersrecensies

Wees de eerste die een lezersrecensie schrijft!

Inhoudsopgave

Preface

1. Introducing SELinux
Software Threats and the Internet
SELinux Features
Applications of SELinux
SELinux History
Web and FTP Sites
2. Overview of the SELinux Security Model
Subjects and Objects
Security Contexts
Transient and Persistent Objects
Access Decisions
Transition Decisions
SELinux Architecture
3. Installing and Initially Configuring SELinux
SELinux Versions
Installing SELinux
Linux Distributions Supporting SELinux
Installation Overview
Installing SELinux from Binary or Source Packages
Installing from Source
4. Using and Administering SELinux
System Modes and SELinux Tuning
Controlling SELinux
Routine SELinux System Use and Administration
Monitoring SELinux
Troubleshooting SELinux
5. SELinux Policy and Policy Language Overview
The SELinux Policy
Two Forms of an SELinux Policy
Anatomy of a Simple SELinux Policy Domain
SELinux Policy Structure
6. Role-Based Access Control
The SELinux Role-Based Access Control Model
Railroad Diagrams
SELinux Policy Syntax
User Declarations
Role-Based Access Control Declarations
7. Type Enforcement
The SELinux Type-Enforcement Model
Review of SELinux Policy Syntax
Type-Enforcement Declarations
Examining a Sample Policy
8. Ancillary Policy Statements
Constraint Declarations
Other Context-Related Declarations
Flask-Related Declarations
9. Customizing SELinux Policies
The SELinux Policy Source Tree
On the Topics of Difficulty and Discretion
Using the SELinux Makefile
Creating an SELinux User
Customizing Roles
Adding Permissions
Allowing a User Access to an Existing Domain
Creating a New Domain
Using Audit2allow
Policy Management Tools
The Road Ahead

A: Security Object Classes
B: SELinux Operations
C: SELinux Macros Defined in src/policy/macros
D: SELinux General Types
E: SELinux Type Attributes

Index

Managementboek Top 100

Rubrieken

Populaire producten

    Personen

      Trefwoorden

        SELinux