RHS429 - Red Hat Enterprise SELinux Policy Administration




Duration/Training Format/Global: 04 Days (32 Hrs.), Instructor-Led Training

Course Summary

RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works, how to manage SELinux, and how to write an SELinux policy. This class culminates in a major project to scope out and then write policies for previously unprotected services.

Among the most significant features of Red Hat Enterprise Linux is SELinux (Security Enhanced Linux), a powerful, kernel-level security layer that provides fine-grained control over what users and processes may access and execute on a system. By default, SELinux is enabled on Red Hat Enterprise Linux systems, enforcing a set of mandatory access controls that Red Hat calls the targeted policy. These access controls substantially enhance the security of the network services they target, but can sometimes affect the behavior of third-party applications and scripts that worked under previous versions of Red Hat Enterprise Linux.

Goals

RHS429 provides a four-day tutorial on SELinux and SELinux policy writing. The first day of the course provides an introduction to SELinux, how it operates within the Red Hat targeted policy, and the tools used to manipulate it. The class will then spend the remaining days learning how policies are written, compiled, and debugged. This culminates in a project in which participants will create a set of policies from scratch for a previously unprotected service. The class will analyze the service, determining its security needs; design and implement a set of policies; test and fix the policies; and document the service's new policies so that others can effectively administer the service.
RHS429 is designed for computer security specialists and other system administrators responsible for setting and implementing security policies on a Linux computer. Applications programmers may also consider taking the course to understand how to provide a set of SELinux policies for third-party applications.

Audience

Participants need not have in-depth knowledge of SELinux, but should have a basic understanding of the SELinux security layer. For example, SELinux information as taught in RH133 or RH300 is sufficient.

Prerequisites

RHS429 requires RHCE-level skills. Prerequisite skills can be shown by passing the RHCE Exam in either RH302 or RH300, or by taking RH253, or by possessing comparable skills and knowledge. Note that RHS427 is not a prerequisite to this course; rather, that one-day introduction to SELinux constitutes the first day of this course, and the remaining three days cannot be taken separately.

Introduction
Copyright; Welcome; Participant Introductions; Red Hat Enterprise Linux; Red Hat Enterprise Linux Variants; Red Hat Network; Other Red Hat Supported Software; The Fedora Project; Classroom Network of RHS429; Audience and Prerequisites; What you will learn

Unit 1: Introduction to SELinux
Introduction; Traditional DAC System; SELinux System; SELinux History; What SELinux Can Do; What SELinux Cannot Do; Architecture; User Identity and Role; Domain / Type; Sensitivities and Categories; Security Context; What is an SELinux Policy?; Targeted Policy; Targeted Policy (cont.); Where is the policy?; Security Context Information; Using Security Context Information; Access Control Example; Access Control Example; Archiving: tar; Archiving: star; Archiving: rsync; Archiving: Get and Set Extended Attributes; End of Unit 1

Lab 1: Understanding SELinux
Sequence 1: First boot; Sequence 2: Explore security contexts; Sequence 3: Using rsync; Sequence 4: Archiving

Unit 2: Using SELinux
Controlling SELinux; Controlling SELinux (cont.); File Contexts; Relabel files; Relabel files (cont.); Relabel a file system; Mount options for SELinux; End of Unit 2

Lab 2: Working with SELinux
Sequence 1: Enforcing Mode; Sequence 2: Boot options; Sequence 3: Enabling user home directories; Sequence 4: Moving a web page

Unit 3: The Red Hat Targeted Policy
Protected Services; Identifying and Toggling Protected Services; Identifying and Toggling Protected Services (cont.); Apache; Apache Security Contexts; Web Content; Special Configuration Booleans for Apache; Name Service; Name Service Protection; Name Service Contexts; Special Configuration Boolean for BIND; NIS Client; NIS Client Contexts; Some Other Services; Some Other Services Contexts; File Context for Special Directory Trees; Troubleshooting; Avc: denied Messages; Avc: denied messages, example; Setroubleshootd; SELinux Logging; Identify a Problem; End of Unit 3

Lab 3: Understanding and Troubleshooting the Red Hat Targeted Policy
Sequence 1: Accessing the student's web page; Sequence 2: Using setsebool; Sequence 3: Accessing the main web page; Sequence 4: Using fixfiles; Challenge Sequence 5: Setting mount contexts

Unit 4: Introduction to Policies
Policy Overview; Policy Organization; Installing the source RPM; Compiling the Monolithic Policy; Loading the Monolithic Policy; Compiling Policy Modules; Loading policy Modules; Policy Type Enforcement Module Syntax; Policy Type Enforcement Module Syntax Example; Object Classes; Domain Transition; End of Unit 4

Lab 4: Understanding policies
Sequence 1: Exploring CGI scripts; Sequence 2: Modifying an existing policy

Unit 5: Policy Utilities
Overview: Tools available for manipulating and analyzing policies; seaudit Introduction; seaudit Demo: Monitor Logs; seaudit Demo: Query Policy; seaudit_report; apol; apol; apol Demo: Policy Components; apol Demo: Policy Rules; apol Demo: Analysis; How Security Policies can Interfere with Services: httpd; How can policies break execution of services: BIND; Checkpolicy; Sesearch; Sestatus; Audit2allow; Audit2why; Sealert; Avcstat; Seinfo; Semanage; Semodule; End of Unit 5

Lab 5: Exploring Utilities
Sequence 1: Relabeling; Sequence 2: Exploring seaudit; Sequence 3: Exploring apol

Unit 6: User and Role Security
Role-based Access Control; Multi Category Security; Defining Secadmin; MLS; The strict Policy; General Identification; User Identification; Users: system_u, users_u and root; How users are declared; Roles in use in Transitions; Roles Dominance; End of Unit 6

Lab 6: Implementing User and Role Based Policy Restrictions
Sequence 1: Implementing MCS; Sequence 2: Using the strict policy

Unit 7: Anatomy of a Policy
Policy Macros; Type Enforcement; Type Attributes; Types; Type Aliases; Type Transitions for objects; When and how do files get labeled?; Restorecond; Customizable Types; End of Unit 7

Lab 7: Manipulating Policies
Sequence 1: Checking the current policy; Sequence 2: Using sesearch to list the rules in a policy; Sequence 3: audit2allow; Sequence 4: type and typealias; Sequence 5: type_transition; Sequence 6: Using semanage and restorecond

Unit 8: Manipulating Policies
Installing and compiling policies; The Policy Language; Access vector; SELinux logs; Security Identifiers - SIDs; Filesystem labeling behavior; Statements: fs_use and genfs_contexts; Context on network objects; Booleans; Creating new Booleans; Using Booleans; Examples: allow; Examples: auditallow; Examples: neverallow; Examples: dontaudit; Examples: can_exec; Examples: macros; Macros; Enableaudit; End of Unit 8

Lab 8: Compiling Policies
Sequence 1: Forcing SELinux labels upon a file system; Sequence 2: Making Squid listen to a non-standard port; Sequence 3: Protecting a new script

Unit 9: Project
Project: Best practices; Overview of changes; Project: Create File Contexts; Project: Create File Types; Project: Create File Typealiases; Project: Edit or Create Network Contexts; Project: Edit Domains; Project: Create Domains; Project: Create Domains, Macros; End of Unit 9

Lab 9: Project: Writing Policy
Sequence 1: Protect FTP; Sequence 2: Protect FTP, Continued; Sequence 3: FTP log; Sequence 4: FTP with NFS home directories; Sequence 5: FTP with automounted home directories; Sequence 6: FTP server with Samba home directories; Sequence 7: Two Web servers; Sequence 8: Treat httpd_sys_content_t and httpd_user_content_t Separately; Challenge Sequence 9: Challenge