Linux Tutorials - Herong's Tutorial Examples
∟SELinux - Security-Enhanced Linux
This chapter provides introductions and tutorial on SELinux (Security-Enhanced Linux). Topics include introduction of SELinux basic concepts; User, Role, Domain, Type, Class, and Boolean; Type Enforcement policy rule syntax and database; making changes to SELiunx policy rules; using SELinux related tools.
These sections are omitted from this Web preview version. To view the full content,
see information on how to obtain the full version this book.
Functions Are Objects of the "Function" Type
Using the Function Constructor
Function Object Inherited Properties and Methods
Function Object Instance Properties
Creating Function Objects with "function" Statements
Creating Function Objects with the "function" Operator
Comparing 3 Ways of Creating Functions
Takeaways:
- SELinux is a security architecture for Linux® systems
that allows administrators to have more control over who can access the system.
- A SELinux User is an abstract concept that represents a group of real users
on the Linux system as security subject in SELinux system.
- A SELinux Role is an abstract concept that represents a set of permissions
grouped together for a specific functional role.
- A SELinux Type is an abstract concept that represents a set of files/directories
grouped together, so that security policy can be applied at the group level
instead of individually at files/directories level.
- A SELinux Domain is an abstract concept that represents a set of running
processes grouped together, so that security policy can be applied at the group
level instead of individually at process level.
- A SELinux Type Enforcement policy rule is defined in a form of
'allow "source" on "target" of "class" with "permissions"'.
- A SELinux Boolean is a Boolean flag that can be added to one or more SELinux
policy rules to turn on or turn off those rules.
- "semanage" command is used to configure certain elements of SELinux policy without
requiring modification to or recompilation from policy source.
- "seinfo" command is used to print out SELinux policy information.
- "sesearch" - SELinux policy rule search tool.
- SELinux error messages are logged in the /var/log/messages file.
Table of Contents
About This Book
Introduction to Linux Systems
Cockpit - Web Portal for Administrator
Process Management
Memory Management
Files and Directories
Users and Groups
File Systems
Block Devices and Partitions
LVM (Logical Volume Manager)
Installing CentOS
►SELinux - Security-Enhanced Linux
Network Connection on CentOS
Internet Networking Tools
SSH Protocol and ssh/scp Commands
Software Package Manager on CentOS - DNF and YUM
vsftpd - Very Secure FTP Daemon
LDAP (Lightweight Directory Access Protocol)
Administrative Tasks
References
Full Version in PDF/EPUB