Course Description
Red Hat Enterprise SELinux Policy Administration (RHS429)
This class culminates in a major project to analyze, determine the security needs of, and design and implement a set of net-new policies for a service previously unprotected by SELinux.
Who Should Attend:
Senior System Administrators, Security Administrators, and Application Programmers.
Duration:
* Classroom Learning - 4 Day(s)
Exam:
EX429
Lesson 1: Introduction to SELinux
* Discretionary access control vs. mandatory access control
* SELinux history and architecture overview
* Elements of the SELinux security model: user identity and role; domain and type; sensitivity and categories; security context
* SELinux policy and Red Hat's targeted policy
* Configuring policy with Booleans
* Archiving
* Setting and displaying extended attributes
Lesson 2: Using SELinux
* Controlling SELinux
* File contexts
* Relabeling files and file systems
* Mount options
Lesson 3: The Red Hat targeted policy
* Identifying and toggling protected services
* • Apache security contexts and configuration Booleans
* • Name service contexts and configuration Booleans
* NIS client contexts
* Other services
* File context for special directory trees
* Troubleshooting and avc denial messages
* SE troubleshooting and logging
Lesson 4: Introduction to policies
* Policy overview and organization
* Compiling and loading the monolithic policy and policy modules
* Policy type enforcement module syntax
* Object classes
* Domain transition
Lesson 5: Policy utilities
* Tools available for manipulating and analyzing policies: apol, seaudit and seaudit_report, checkpolicy, sepcut, sesearch, sestatus, audit2allow and audit2why, sealert, avcstat, seinfo, semanage and semodule, man pages
Lesson 6: User and role security
* Role-based access control
* Multicategory security
* Defining a security administrator
* Multilevel security
* The strict policy
* User identification and declaration
* Role identification and declaration
* Roles in use in transitions
* Role dominance
Lesson 7: Anatomy of a policy
* Policy macros
* Type attributes and aliases
* Type transitions
* When and how files get labeled
* restorecond
* Customizable types
Lesson 8: Manipulating policies
* Installing and compiling policies
* The policy language
* Access vector
* SELinux logs
* Security Identifiers - SIDs
* File-system labeling behavior
* Context on network objects
* Creating and using new Booleans
* Manipulating policy by example
* Macros
* Enableaudit
Lesson 9: Project
* Best practices
* Creating file contexts, types, and typealiases
* Editing and creating network contexts
* Editing and creating domains
Agenda
Introduction to SELinux
- Discretionary access control vs. mandatory access control
SELinux history and architecture overview
Elements of the SELinux security model: user identity and role; domain and type; sensitivity and categories; security context
SELinux policy and Red Hat's targeted policy
Configuring policy with Booleans
Archiving
Setting and displaying extended attributes
Using SELinux
- Controlling SELinux
File contexts
Relabeling files and file systems
Mount options
The Red Hat targeted policy
- Identifying and toggling protected services
• Apache security contexts and configuration Booleans
• Name service contexts and configuration Booleans
NIS client contexts
Other services
File context for special directory trees
Troubleshooting and avc denial messages
SE troubleshooting and logging
Introduction to policies
- Policy overview and organization
Compiling and loading the monolithic policy and policy modules
Policy type enforcement module syntax
Object classes
Domain transition
Policy utilities
- Tools available for manipulating and analyzing policies: apol, seaudit and seaudit_report, checkpolicy, sepcut, sesearch, sestatus, audit2allow and audit2why, sealert, avcstat, seinfo, semanage and semodule, man pages
User and role security
- Role-based access control
Multicategory security
Defining a security administrator
Multilevel security
The strict policy
User identification and declaration
Role identification and declaration
Roles in use in transitions
Role dominance
Anatomy of a policy
- Policy macros
Type attributes and aliases
Type transitions
When and how files get labeled
restorecond
Customizable types
Manipulating policies
- Installing and compiling policies
The policy language
Access vector
SELinux logs
Security Identifiers - SIDs
File-system labeling behavior
Context on network objects
Creating and using new Booleans
Manipulating policy by example
Macros
Enableaudit
Project
- Best practices
Creating file contexts, types, and typealiases
Editing and creating network contexts
Editing and creating domains
Comments
Virtual Red Hat Enterprise SELinux Policy Administration (RHS429) Online Live training option
Imagine an industry-leading classroom training experience from wherever you have access to the Internet.
The Virtual Online Live events listed here gives you an effective and proven online virtual learning experience with the freedom to attend virtually from anywhere.
There is also an option of experiencing Online Live from one of the many national partner centers where a computer and headset will be provided for you.
This rich and engaging virtual classroom environment lets you conveniently interact with instructors and other students.
You will hear and see your instructor as they teach the course and answer your questions via voice or text.
Choose the online live virtual training option and you can access the recorded version even after the class has finished.
The onDemand labs give you access to the same client and server technologies covered in class so you can test, apply and hone your skills by accessing the labs before and even after the class.
Technical Requirements: a computer or laptop with a modern browser and high speed internet access along with one or two monitors.