Getting started with SELinux System Administration
3.9 (6 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
35 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Getting started with SELinux System Administration to your Wishlist.

Add to Wishlist

Getting started with SELinux System Administration

Ward off traditional security permissions and effectively secure your Linux systems with SELinux
3.9 (6 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
35 students enrolled
Created by Packt Publishing
Last updated 5/2017
Curiosity Sale
Current price: $10 Original price: $125 Discount: 92% off
30-Day Money-Back Guarantee
  • 3.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Analyze SELinux events and selectively enable or disable SELinux enforcement
  • Manage Linux users and associate them with the right role and permission set
  • Secure network communications through SELinux access controls
  • Tune full-service flexibility by dynamically assigning resource labels
View Curriculum
  • This course offers a complete overview of SELinux administration and how it integrates with other components on a Linux system. It covers the majority of SELinux features with a mix of real-life scenarios, descriptions, and examples. This course contains everything an administrator needs to customize SELinux.

Do you have the crucial job of protecting your private and company systems from malicious attacks and undefined application behavior? Are you looking to secure your Linux systems with improved access controls? Look no further, intrepid administrator! This course will show you how to enhance your system's secure state across Linux distributions, helping you keep application vulnerabilities at bay. This video course covers the core SELinux concepts and shows you how to leverage SELinux to improve the protection measures of a Linux system. You will learn the SELinux fundamentals and all of SELinux's configuration handles including conditional policies, constraints, policy types, and audit capabilities. These topics are paired with genuine examples of situations and issues you will probably come across as an administrator.

About The Author

Sven Vermeulen is a long-term contributor to various free software projects and the author of various online guides and resources. He got his first taste of free software in 1997 and never looked back. In 2003, he joined the ranks of the Gentoo Linux project as a
documentation developer and has since worked in several roles, including Gentoo Foundation trustee, council member, project lead for various documentation initiatives, and (his current role) project lead for Gentoo Hardened SELinux integration and the system integrity project.

During this time, Sven gained expertise in several technologies, ranging from OS-level knowledge to application servers. He used his interest in security to guide his projects further in the areas of security guides using SCAP languages, mandatory access controls through SELinux, authentication with PAM, (application) firewalling, and more.

Within SELinux, Sven contributed several policies to the Reference Policy project, and he is an active participant in policy development and user space development projects.

In his daily job, Sven is an IT architect in a European financial institution as well as a self-employed solution engineer and consultant. The secure implementation of infrastructures (and the surrounding architectural integration) is, of course, an important part of this. Prior to this, he graduated with an MSc in computer engineering from Ghent University and MSc in ICT enterprise architecture, and he worked as a web application infrastructure engineer.

Sven is the main author of the Gentoo Handbook, which covers the installation and configuration of Gentoo Linux on several architectures. He also authored the Linux Sea online publication (a basic introduction to Linux for novice system administrators) and SELinux System Administration and SELinux Cookbook for Packt Publishing.

Who is the target audience?
  • This video course is for Linux administrators who want to control the secure state of their systems. It's packed with the latest information on SELinux operations and administrative procedures so you'll be able to further harden your system through Mandatory Access Control (MAC), a security strategy that has been shaping Linux security for years.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
24 Lectures
Fundamental SELinux Concepts
5 Lectures 46:13

This video gives an overview of the entire course.

Preview 03:51

A Linux user with access to sensitive information could easily leak that out to the public, manipulate the behavior of the application she or she launches, and do many other things that affect the security of the system. This video will show you how you could deal with this risk and provide more security to your system.

Providing More Security to Linux

This video will show you how you could label the resources objects available to you and decide whether to allow or deny a particular action.

Labeling All Resources and Objects

Enabling SELinux does not automatically start the enforcement of access. If SELinux is enabled and it cannot find a policy, it will refuse to start. Let’s see how we could deal with this situation by defining and distributing Policies.

Defining and Distributing Policies

It is recommended to consult the distribution documentation to verify what the proper name of the policy should be. Thus, it’s important to distinguish between Policies. This video will show you how you could do this.

Distinguishing Between Policies
Understanding SELinux Decisions and Logging
4 Lectures 39:17

Disabling SELinux is a commonly requested activity. Some vendors do not support their application running on a platform that has SELinux enabled. You will learn through this video how to enable or disable SELinux.

Preview 13:08

A security-oriented subsystem such as SELinux can only succeed if it is capable of enhanced logging and even debugging. Let’s have a look at this aspect of SELinux.

SELinux Logging and Auditing

Although most SELinux log events are AVC related, they aren't the sole event types an administrator will have to deal with. Few event types are directly concerned with SELinux. Let’s have a look at these.

Other SELinux-Related Event Types

On some distributions, additional support tools are available that help us identify the cause of a denial. These tools have some knowledge of the common mistakes. This video will let you get help from denials.

Getting Help with Denials
Managing User Logins
4 Lectures 35:21

Once logged in to a system, our user will run inside a certain context. This user context defines the rights and privileges that we, as a user, have on the system. Let’s have a look at how we could set the SELinux contexts.

Preview 06:41

Within SELinux systems, the moment a user logs in, the login system checks which SELinux user his or her login is mapped to. Hence, it’s crucial to map the user correctly with the exact role. Let’s dive into SELinux users and roles.

SELinux Users and Roles

We saw how SELinux users define the role(s) that a user can be in. But how does SELinux enforce which role a user logs on through? And when logged on, how can a user switch his active role? Let’s answer to this question with this video.

Handling SELinux Roles

With all the information about SELinux users and roles, we have not touched upon how exactly applications are able to create and assign a SELinux context to a user. Let’s explore this, through this video.

SELinux and PAM
Process Domains and File-Level Access Controls
7 Lectures 49:03

This video will show you how to use a web-based application deployment as an example: DokuWiki, which is a popular PHP wiki that uses files rather than a database as its backend system and is easy to install and manage.

Preview 05:21

Now that you are aware that file contexts are stored as extended attributes, how do we ensure that files receive the correct label when they are written or modified? This video will answer this question.

Keeping or Ignoring Contexts

When we think that the context of a file is wrong, we need to correct the context. SELinux offers several methods to do so, and some distributions even add in more. Let’s have a look at these methods.

SELinux File Context Expressions

This video will show you the different approaches which are available for you in SELinux to modify file contexts

Modifying File Contexts

As everything in SELinux works with labels, even processes are assigned a label, also known as the domain. Let’s explore the context of a process through this video.

The Context of a Process

For security reasons, Linux systems can reduce the ability for processes to gain elevated privileges under certain situations or provide additional constraints to reduce the likelihood of vulnerabilities to be exploitable. Let’s see how we could limit the scope of transitions in SELinux.

Limiting the Scope of Transitions

Now that you know more about types, let's look into how these are used in the SELinux policy in more detail.

Types, Permissions, and Constraints
Controlling Network Communications
4 Lectures 30:30

Linux applications communicate with each other either directly or over a network. Let's look at the various communication methods that Linux supports and how SELinux aligns with them.

Preview 09:49

The approach with TCP and UDP ports has a few downsides. One of them is that there is no knowledge of the target host, so you cannot govern where an application can connect to. Let’s see how we could tackle this situation with Linux netfilter and SECMARCK support.

Linux netfilter and SECMARK Support

Another approach to further fine-tune the access controls on the network level is to introduce labeled networking. This video will show you how you could implement this approach.

Labeled Networking

This video will show you, how you could use NetLabel/CIPSO support, to label traffic with sensitivity information and use it across the network.

Using Netlabel/CIPSO
About the Instructor
Packt Publishing
3.9 Average rating
7,336 Reviews
52,365 Students
616 Courses
Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.