SELinux System Administration

Implement mandatory access control to secure applications, users, and information flows on Linux

Enhance Linux security, application platforms, and virtualization solutions with SELinux 3 to work within your boundaries, your rules, and your policies

Key Features

Learn what SELinux is, and how it acts as a mandatory access control system on Linux
Apply and tune SELinux enforcement to users, applications, platforms, and virtualization solutions
Use real-life examples and custom policies to strengthen the security posture of your systems

Book DescriptionLinux is a dominant player in many organizations and in the cloud. Les mer
Vår pris
641,-

(Paperback) Fri frakt!
Leveringstid: Sendes innen 21 dager

Paperback
Legg i
Paperback
Legg i
Vår pris: 641,-

(Paperback) Fri frakt!
Leveringstid: Sendes innen 21 dager

Om boka

Enhance Linux security, application platforms, and virtualization solutions with SELinux 3 to work within your boundaries, your rules, and your policies

Key Features

Learn what SELinux is, and how it acts as a mandatory access control system on Linux
Apply and tune SELinux enforcement to users, applications, platforms, and virtualization solutions
Use real-life examples and custom policies to strengthen the security posture of your systems

Book DescriptionLinux is a dominant player in many organizations and in the cloud. Securing the Linux environment is extremely important for any organization, and Security-Enhanced Linux (SELinux) acts as an additional layer to Linux system security.

SELinux System Administration covers basic SELinux concepts and shows you how to enhance Linux system protection measures. You will get to grips with SELinux and understand how it is integrated. As you progress, you'll get hands-on experience of tuning and configuring SELinux and integrating it into day-to-day administration tasks such as user management, network management, and application maintenance. Platforms such as Kubernetes, system services like systemd, and virtualization solutions like libvirt and Xen, all of which offer SELinux-specific controls, will be explained effectively so that you understand how to apply and configure SELinux within these applications. If applications do not exert the expected behavior, you'll learn how to fine-tune policies to securely host these applications. In case no policies exist, the book will guide you through developing custom policies on your own.

By the end of this Linux book, you'll be able to harden any Linux system using SELinux to suit your needs and fine-tune existing policies and develop custom ones to protect any app and service running on your Linux systems.

What you will learn

Understand what SELinux is and how it is integrated into Linux
Tune Linux security using policies and their configurable settings
Manage Linux users with least-privilege roles and access controls
Use SELinux controls in system services and virtualization solutions
Analyze SELinux behavior through log events and policy analysis tools
Protect systems against unexpected and malicious behavior
Enhance existing policies or develop custom ones

Who this book is forThis Linux sysadmin book is for Linux administrators who want to control the secure state of their systems using SELinux, and for security professionals who have experience in maintaining a Linux system and want to know about SELinux. Experience in maintaining Linux systems, covering user management, software installation and maintenance, Linux security controls, and network configuration is required to get the most out of this book.

Fakta

Innholdsfortegnelse

Table of Contents

Fundamental SELinux Concepts
Understanding SELinux Decisions and Logging
Managing User Logins
Using File Contexts and Process Domains
Controlling Network Communications
Configuring SELinux through Infrastructure-as-Code Orchestration
Configuring Application-Specific SELinux Controls
SEPostgreSQL - Extending PostgreSQL with SELinux
Secure Virtualization
Using Xen Security Modules with FLASK
Enhancing the Security of Containerized Workloads
Tuning SELinux Policies
Analyzing Policy Behavior
Dealing with New Applications
Using the Reference Policy
Developing Policies with SELinux CIL

Om forfatteren

Sven Vermeulen (sjvermeu on Twitter) is a long-term contributor to various free software projects and the author of several online guides and resources, including the Gentoo Handbook. He got his first taste of free software in 1997 and never looked back. Within SELinux, Sven contributed several policies to the Reference Policy project, and actively participated in policy development and user space development projects. In his daily job, Sven is an enterprise architect in a European financial institution as well as a self-employed solution engineer and consultant. Prior to this, he graduated with an MSE in computer engineering from Ghent University and an MSc in ICT enterprise architecture from IC Institute.