An Introduction to SELinux

    Toshaan Bharvani - VanTosh bvba
    <toshaan@vantosh.com>

    Linux Open Administration Days
    10 April 2010

$ whoami

    Toshaan Bharvani
        Currently working at VanTosh
        Has been involved with CentOS
        Likes to keep everything secure
        Involved with hardware and software

Table of contents

    1   Introduction
    2   How to use it
            SELinux states
            Managing SELinux
            Policies

1   Introduction

What is SELinux

    SELinux = Security-Enhanced Linux
    Mechanism for supporting mandatory access control security policies
    Linux Security Modules (LSM) run in the Linux kernel

SELinux features

    Separation of policy from enforcement
    Predefined policy interfaces
    Support for applications querying the policy and enforcing access control
    Independent of specific policies, policy languages, security label formats and contents
    Caching of access decisions for efficiency
    Policy changes are possible (!!!)
    Separate measures for protecting system integrity and data confidentiality
    Controls over process initialization and inheritance and program execution
    Controls over file systems, directories, files, and open file descriptors
    Controls over sockets, messages, and network interfaces

Where is SELinux

    Red Hat Enterprise Linux v4 / v5
    CentOS v4 / v5
    Novell SLES, openSUSE
    Gentoo
    Debian
    ...

Misconceptions about SELinux

    “Life is too short for SELinux” – Theodore Ts’o
    Upstream vendors require me to disable SELinux

Why use SELinux?

    It confines services in compartments
    No, it isn’t difficult
    Increases security

2   How to use it

Changing SELinux states

    Enforcing
        Enables and enforces the SELinux security policy on the system,
        denying access and logging actions
    Permissive
        Enables SELinux but does not enforce the security policy; it only
        warns and logs actions
    Disabled
        SELinux is turned off

Checking the state of SELinux

    sestatus
        Enforcing
        Permissive

Access Control

    Type Enforcement (TE)
        The primary mechanism of access control used in the targeted policy
    Role-Based Access Control (RBAC)
        Based around SELinux users (not necessarily the same as the Linux user)
    Multi-Level Security (MLS)
        Not used and often hidden in the default targeted policy.

Relabelling files

    # Change the label directly (not recorded in the file-context database)
    chcon -R -t httpd_sys_content_t /usr/srv/www
    # Record a persistent file-context rule for the path
    semanage fcontext -a -t httpd_sys_content_t "/usr/srv/www(/.*)?"
    # Apply recorded contexts; -n only reports what would change
    restorecon -Rv -n /var/www/html

    Relabelling the whole filesystem
        genhomedircon
        touch /.autorelabel
        reboot

Enabling bools & ports

    Managing ports
        semanage port -l
        semanage port -a -t http_port_t -p tcp 8181

    Managing predefined policies
        getsebool -a | grep samba
        setsebool -P samba_enable_home_dirs on

Generating policies

    less /var/log/audit/audit.log
    grep zarafa /var/log/audit/audit.log | audit2allow -m zarafa > zarafa.te

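Before building a module from the pipeline above, it helps to see which denials the grep actually selects and what they would grant. The script below is an added example, not part of the original slides: it groups AVC denials by source type, target type and class and prints one candidate allow rule per group. The log records are constructed, and the zarafa_t domain in them is a hypothetical type name.

```shell
#!/bin/sh
# Added example: summarise the AVC denials that `grep <name> audit.log`
# would hand to audit2allow, so every rule can be reviewed before a
# policy module is generated from it.

# Constructed sample records in audit.log format (not from a real host).
# zarafa_t is a hypothetical domain used only for illustration.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1270888201.101:411): avc:  denied  { read } for  pid=2101 comm="zarafa-server" name="server.cfg" dev=dm-0 ino=131 scontext=system_u:system_r:zarafa_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1270888201.105:412): avc:  denied  { read getattr } for  pid=2101 comm="zarafa-server" name="license" dev=dm-0 ino=140 scontext=system_u:system_r:zarafa_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1270888202.310:413): avc:  denied  { name_bind } for  pid=2101 comm="zarafa-server" src=236 scontext=system_u:system_r:zarafa_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1270888230.007:420): avc:  denied  { getattr } for  pid=1804 comm="httpd" path="/usr/srv/www/index.html" dev=dm-0 ino=977 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1270888230.007:420): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
EOF
}

# summarise_denials PATTERN   (audit log on stdin)
# Prints one line per (source type, target type, class) with the union of
# denied permissions and the number of records that contributed to it.
summarise_denials() {
    awk -v pat="$1" '
    /avc: +denied/ && index($0, pat) {
        perms = ""; src = ""; tgt = ""; cls = ""; inside = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inside = 1; continue }
            if ($i == "}") { inside = 0; continue }
            if (inside)    { perms = perms " " $i; continue }
            # A context is user:role:type[:level]; the type is part 3.
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next   # malformed record
        key = src " " tgt ":" cls
        count[key]++
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) {       # keep each permission once
                seen[key, p[j]] = 1
                rule[key] = rule[key] " " p[j]
            }
    }
    END {
        for (k in count)
            printf "allow %s {%s }; # %d denial(s)\n", k, rule[k], count[k]
    }' | sort
}

# Stand-alone run on the constructed sample.
sample_audit_log | summarise_denials zarafa
```

A rule such as the name_bind one is worth checking against the port labels listed by semanage port -l before it goes into a module, since labelling the port can be a narrower fix than a new allow rule.
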
Some Policy

    Dovecot Policy
    Zarafa Policy
    Spamassassin Policy

The End

    Thank You

    Toshaan Bharvani - VanTosh bvba <toshaan@vantosh.com>
    http://www.vantosh.com/publications

    Made with Beamer LaTeX, a TeX-based presentation program
