How to live with SELinux
Bert Desmet – Fedora Ambassador

You can find me here:
www.bdesmet.be
www.devnox.be
www.fedoraproject.org/wiki/user:biertie
www.identi.ca/bdesmet
IRC: biertie @ Freenode / Quakenet
Mail: [email_address]
Google me for more.
And if you have any questions, feel free to contact me.

What I do:
Fedora
Designer of the T-shirt
Organise some events
Oh, and I love to party!

Table of contents:
Booleans and ports
Contexts and labels
Backing up and copying
Your own policies

What is SELinux?
Built by NSA
3 'functions':
RBAC: user privilege controls
TE: application isolation

Why would I?
Reduces vulnerability to attacks
Confined services
but:
No firewall
....

Editor's notes

  1. MLS: Multi-Level Security. RBAC: Role-Based Access Control. TE: Type Enforcement. MAC: Mandatory Access Control <-> DAC: Discretionary Access Control. Adds extra control over processes and users (what files can x or y change).
  2. Good access control, unlike DAC on a normal Linux system. SELinux has user, role, type and level, while a Linux user only has a group and user ID. Reduces vulnerability to attacks due to access control: intruders can only access the files the software (like httpd) really needs. Confined services: SELinux has the ability to confine services and daemons so that they are more predictable and are only allowed the access that is required for their normal operation.
  3. Independent from normal Linux ownerships blah blah
  4. /var/log/messages is more readable, but rsyslogd is not always running. chkconfig --level 2345 rsyslogd on
  5. Booleans: changed at runtime, no policy writing.
  6. Predefined policies. The semanage boolean command doesn't work yet on RH/CentOS 5.x. The -P flag makes it persistent over reboots.
  7. Identity: authorized for a specific set of roles and an MLS range. semanage login -l: each Linux user is mapped to an SELinux user. Role is part of the RBAC model. Type is an attribute of type enforcement; it defines the domain for processes and the type for files. Level of security is an attribute for MLS. For processes, unconfined_t is not checked (in targeted).
  8. chcon -t httpd_sys_content_t /web. Use the full path of the file/dir. Restore only works with chcon. semanage fcontext adds a rule to file_contexts.local, chcon doesn't. After an fcontext -d, run restorecon again.
  9. fixfiles relabel can make the system unstable. fixfiles -R relies on the rpm database.
  10. Standard type: nfs_t. Context changes to the files on the mount won't work; chcon results in "operation not supported". /dev/sda2: assumes there are no rules that define a context for /foo/. Files will keep their context when changed. Persistent: fstab.
  11. If you copy a file over a file, the original context is preserved.
  12. matchpathcon: get the default security context for the specified path from the file contexts configuration. semodule: -D disables dontaudit rules, -B rebuilds the policy. Run semodule -B again after debugging.
  13. cat $name.te
  14. semodule: import the module
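
The labeling workflow from notes 7, 8 and 12, written out as an added example that is not part of the original slides: record the rule with semanage fcontext, apply it with restorecon, then check the result against matchpathcon. The function names are hypothetical; /web and httpd_sys_content_t are the values from note 8, and the relabel only runs when the script is called as root with a directory and a type.

```shell
#!/bin/sh
# Added example (not from the slides): persistent relabel of a directory tree.
# Usage (as root, on an SELinux-enabled host):
#   ./relabel.sh /web httpd_sys_content_t

# Extract the type field from a context "user:role:type:level".
# The level can contain colons itself (s0-s0:c0.c1023), so take field 3 only.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Build the file-context regex that covers a directory and everything below it.
# Requires a full path (note 8) and refuses "/" so the whole system is never
# matched by accident.
fcontext_pattern() {
    dir="${1%/}"                      # drop one trailing slash
    case "$dir" in
        /*) printf '%s(/.*)?\n' "$dir" ;;
        *)  echo "full path required: $1" >&2; return 1 ;;
    esac
}

# Return 0 when the label on disk has the type the policy expects,
# 1 when restorecon would change it (for example after a bare chcon).
label_matches_policy() {
    current=$(context_type "$(stat -c %C "$1")")
    expected=$(context_type "$(matchpathcon -n "$1")")
    [ "$current" = "$expected" ]
}

# Record the rule in file_contexts.local and apply it to existing files.
# chcon alone would change the label but leave no rule behind, so the next
# restorecon or relabel would undo it.
relabel_persistently() {
    pattern=$(fcontext_pattern "$1") || return 1
    semanage fcontext -a -t "$2" "$pattern" 2>/dev/null ||
        semanage fcontext -m -t "$2" "$pattern" || return 1
    restorecon -R -v "$1"
}

# Only act when both arguments are given; sourcing the file defines the
# functions without touching the system.
if [ "$#" -eq 2 ]; then
    relabel_persistently "$1" "$2" || exit 1
    if label_matches_policy "$1"; then
        echo "$1: label matches policy"
    else
        echo "$1: label differs from policy, check the fcontext rules" >&2
        exit 1
    fi
fi
```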