Red Hat Enterprise SELinux Policy Administration with Exam (RHS430)

Overview

Security-enhanced Linux® (SELinux) is a powerful kernel-level security layer that provides fine-grained control over which users and processes may access which resources and execute which programs on a system.

Objectives

Red Hat® Enterprise SELinux Policy Administration introduces senior system administrators, security administrators, and application programmers to SELinux policy writing. Students will learn how SELinux works and how to manage, write, compile, and debug an SELinux policy.

Audience


• Experienced Linux system administrators responsible for Mandatory Access Control (MAC)-based security or who want to harden their existing Linux system or networked services security.

Syllabus

Discretionary access control vs. mandatory access control

  • SELinux history and architecture overview
  • Elements of the SELinux security model: user identity and role; domain and type; sensitivity and categories; security context
  • SELinux Policy and Red Hat's targeted policy
  • Configuring policy with booleans
  • Archiving
  • Setting and displaying extended attributes

Using SELinux

  • Controlling SELinux
  • File contexts
  • Relabeling files and file systems
  • Mount options

The Red Hat Targeted Policy

  • Identifying and toggling protected services
  • Apache security contexts and configuration booleans
  • Name service contexts and configuration booleans
  • NIS client contexts
  • Other services
  • File context for special directory trees
  • Troubleshooting and AVC denial messages
  • SE troubleshooting and logging

Introduction to policies

  • Policy overview and organization
  • Compiling and loading the monolithic policy and policy modules
  • Policy type enforcement module syntax
  • Object classes
  • Domain transition

Policy Utilities

  • Tools available for manipulating and analyzing policies: apol; seaudit and seaudit_report; checkpolicy; sepcut; sesearch; sestatus; audit2allow and audit2why; sealert; avcstat; seinfo; semanage and semodule; man pages

User and Role Security

  • Role-based access control
  • Multicategory security
  • Defining a Security Administrator
  • Multilevel security
  • The strict policy
  • User identification and declaration
  • Role identification and declaration
  • Roles in use in transitions
  • Role dominance

Anatomy of a policy

  • Policy macros
  • Type attributes and aliases
  • Type transitions
  • When and how do files get labeled
  • restorecond
  • Customizable types

Manipulating policies

  • Installing and compiling policies
  • The policy language
  • Access vector
  • SELinux logs
  • Security Identifiers (SIDs)
  • File system labeling behavior
  • Context on network objects
  • Creating and using new booleans
  • Manipulating policy by example
  • Macros
  • Enableaudit

Project

  • Best practices
  • Create file contexts, types, and typealiases
  • Edit and create network contexts
  • Edit and create domains

Training provider

Teaching mode:
Classroom - Instructor Led
Online - Instructor Led
Duration: 5 days
Gooroo has partnered with the global leaders in IT training to give you access to quality training, personalised to you, targeted at increasing your job opportunities and salary.

Our pricing

We do not display pricing as Gooroo members qualify for special discounts not available elsewhere. You must enquire through Gooroo to get this benefit.

New courses are happening all the time

Our partner's expert training consultant will provide you with the times and all the details you need. Enquire today.

Top skills covered in this course

  • Red Hat Linux (United States): this skill has an average salary of US$102,938 and is mentioned in 0.21% of job ads in this area.
  • Apache HTTP Server (United States): this skill has an average salary of US$106,486 and is mentioned in 0.44% of job ads in this area.
  • Debugging (United States): this skill has an average salary of US$101,264 and is mentioned in 1.80% of job ads in this area.