
SELinux System Administration - Second Edition (e-book)

20 currently reading | 0 reviews | 6.2

Author: Sven Vermeulen

Publisher: Packt Publishing

Publication date: 2016-12-01

Length: 2,144,000 characters

Category: Imported books > Foreign-language originals > Computers/Networking

Book description
Go beyond traditional Linux permissions and secure your Linux systems with SELinux.

About This Book

  • Leverage SELinux to improve the security state of your Linux system
  • A clear approach to adopting SELinux within your organization
  • Essential skills and techniques to help further your system administration career

Who This Book Is For

This book is for Linux administrators who want to control the security state of their systems. It is packed with the latest information on SELinux operations and administrative procedures, so you will be able to further harden your systems through mandatory access control (MAC), a security strategy that has been shaping Linux security for years.

What You Will Learn

  • Analyze SELinux events and selectively enable or disable SELinux enforcement
  • Manage Linux users and associate them with the right role and permission set
  • Secure network communications through SELinux access controls
  • Tune service flexibility by dynamically assigning resource labels
  • Handle SELinux access patterns enforced through the system
  • Query the SELinux policy in depth

In Detail

Do you have the crucial job of protecting your private and company systems from malicious attacks and undefined application behavior? Are you looking to secure your Linux systems with improved access controls? Look no further, intrepid administrator! This book will show you how to enhance your system's security state across Linux distributions, helping you keep application vulnerabilities at bay.

This book covers the core SELinux concepts and shows you how to leverage SELinux to improve the protection measures of a Linux system. You will learn the SELinux fundamentals and all of SELinux's configuration handles, including conditional policies, constraints, policy types, and audit capabilities. These topics are paired with genuine examples of situations and issues you may come across as an administrator.

In addition, you will learn how to further harden the virtualization offerings of both libvirt (sVirt) and Docker through SELinux. By the end of the book you will know how SELinux works and how you can tune it to meet your needs.

Style and Approach

This book offers a complete overview of SELinux administration and how it integrates with other components on a Linux system. It covers the majority of SELinux features with a mix of real-life scenarios, descriptions, and examples. This book contains everything an administrator needs to customize SELinux.
Table of contents

SELinux System Administration - Second Edition

Credits

About the Author

About the Reviewers

www.PacktPub.com

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Fundamental SELinux Concepts

Providing more security to Linux

Using Linux security modules

Extending regular DAC with SELinux

Restricting root privileges

Reducing the impact of vulnerabilities

Enabling SELinux support

Labeling all resources and objects

Dissecting the SELinux context

Enforcing access through types

Granting domain access through roles

Limiting roles through users

Controlling information flow through sensitivities

Defining and distributing policies

Writing SELinux policies

Distributing policies through modules

Bundling modules in a policy store

Distinguishing between policies

Supporting MLS

Dealing with unknown permissions

Supporting unconfined domains

Limiting cross-user sharing

Incrementing policy versions

Different policy content

Summary

2. Understanding SELinux Decisions and Logging

Switching SELinux on and off

Setting the global SELinux state

Switching to permissive (or enforcing) mode

Using kernel boot parameters

Disabling SELinux protections for a single service

Understanding SELinux-aware applications

SELinux logging and auditing

Following audit events

Uncovering more logging

Configuring Linux auditing

Configuring the local system logger

Reading SELinux denials

Other SELinux-related event types

USER_AVC

SELINUX_ERR

MAC_POLICY_LOAD

MAC_CONFIG_CHANGE

MAC_STATUS

NetLabel events

Labeled IPsec events

Using ausearch

Getting help with denials

Troubleshooting with setroubleshoot

Sending e-mails when SELinux denials occur

Using audit2why

Interacting with systemd-journal

Using common sense

Summary

3. Managing User Logins

User-oriented SELinux contexts

Understanding domain complexity

Querying for unconfined domains

SELinux users and roles

Listing SELinux user mappings

Mapping logins to SELinux users

Customizing logins towards services

Creating SELinux users

Listing accessible domains

Managing categories

Handling SELinux roles

Defining allowed SELinux contexts

Validating contexts with getseuser

Switching roles with newrole

Managing role access through sudo

Reaching other domains using runcon

Switching to the system role

SELinux and PAM

Assigning contexts through PAM

Prohibiting access during permissive mode

Polyinstantiating directories

Summary

4. Process Domains and File-Level Access Controls

About SELinux file contexts

Getting context information

Interpreting SELinux context types

Keeping or ignoring contexts

Inheriting the default context

Querying transition rules

Copying and moving files

Temporarily changing file contexts

Placing categories on files and directories

Using multilevel security on files

Backing up and restoring extended attributes

Using mount options to set SELinux contexts

SELinux file context expressions

Using context expressions

Registering file context changes

Using customizable types

Compiling the different file_contexts files

Exchanging local modifications

Modifying file contexts

Using setfiles, rlpkg, and fixfiles

Relabeling the entire file system

Automatically setting contexts with restorecond

The context of a process

Getting a process context

Transitioning towards a domain

Verifying a target context

Other supported transitions

Querying initial contexts

Limiting the scope of transitions

Sanitizing environments on transition

Disabling unconstrained transitions

Using Linux's NO_NEW_PRIVS

Types, permissions, and constraints

Understanding type attributes

Querying domain permissions

Learning about constraints

Summary

5. Controlling Network Communications

From IPC to TCP and UDP sockets

Using shared memory

Communicating locally through pipes

Conversing over UNIX domain sockets

Understanding netlink sockets

Dealing with TCP and UDP sockets

Listing connection contexts

Linux netfilter and SECMARK support

Introducing netfilter

Implementing security markings

Assigning labels to packets

Labeled networking

Fallback labeling with NetLabel

Limiting flows based on the network interface

Accepting peer communication from selected hosts

Verifying peer-to-peer flow

Using old-style controls

Labeled IPsec

Setting up regular IPsec

Enabling labeled IPsec

Using Libreswan

NetLabel/CIPSO

Configuring CIPSO mappings

Adding domain-specific mappings

Using local CIPSO definitions

Supporting IPv6 CALIPSO

Summary

6. sVirt and Docker Support

SELinux-secured virtualization

Introducing virtualization

Reviewing the risks of virtualization

Using nondynamic security models

Reusing existing virtualization domains

Understanding MCS

libvirt SELinux support

Differentiating between shared and dedicated resources

Assessing the libvirt architecture

Configuring libvirt for sVirt

Using static labels

Customizing labels

Using different storage pool locations

Interpreting output-only label information

Controlling available categories

Limiting supported hosts in a cluster

Modifying default contexts

Securing Docker containers

Understanding container security

Controlling non-sVirt Docker SELinux integration

Aligning Docker security with sVirt

Limiting container capabilities

Using different SELinux contexts

Relabeling volume mounts

Lowering SELinux controls for specific containers

Modifying default contexts

Summary

7. D-Bus and systemd

The system daemon (systemd)

Service support in systemd

Understanding unit files

Setting the SELinux context for a service

Using transient services

Requiring SELinux for a service

Relabeling files during service startup

Using socket-based activation

Governing unit operations access

Logging with systemd

Retrieving SELinux-related information

Querying logs given a SELinux context

Using setroubleshoot integration with journal

Using systemd containers

Initializing a systemd container

Using a specific SELinux context

Handling device files

Using udev rules

Setting a SELinux label on a device node

D-Bus communication

Understanding D-Bus

Controlling service acquisition with SELinux

Governing message flows

Summary

8. Working with SELinux Policies

SELinux booleans

Listing SELinux booleans

Changing boolean values

Inspecting the impact of a boolean

Enhancing SELinux policies

Listing policy modules

Loading and removing policy modules

Creating policies using audit2allow

Using sensible module names

Using refpolicy macros with audit2allow

Using selocal

Creating custom modules

Building SELinux native modules

Building reference policy modules

Building CIL policy modules

Adding file context definitions

Creating roles and user domains

Creating the pgsql_admin.te file

Creating the user rights

Granting interactive shell access

Generating skeleton user policy files

Creating new application domains

Creating the mojomojo.* files

Creating policy interfaces

Generating skeleton application policy files

Replacing existing policies

Replacing RHEL policies

Replacing Gentoo policies

Other uses of policy enhancements

Creating customized SECMARK types

Auditing access attempts

Creating customizable types

Summary

9. Analyzing Policy Behavior

Single-step analysis

Using different SELinux policy files

Displaying policy object information

Understanding sesearch

Querying allow rules

Querying type transition rules

Querying other type rules

Querying role related rules

Browsing with apol

Domain transition analysis

Using apol for domain transition analysis

Using sedta for domain transition analysis

Information flow analysis

Using apol for information flow analysis

Using seinfoflow for information flow analysis

Other policy analysis

Comparing policies with sediff

Analyzing policies with sepolicy

Summary

10. SELinux Use Cases

Hardening web servers

Describing the situation

Configuring for a multi-instance setup

Creating the SELinux categories

Choosing the right contexts

Enabling administrative accounts

Handling web server behavior

Dealing with content updates

Tuning the network and firewall rules

Securing shell services

Splitting SSH over multiple instances

Updating the network rules

Configuring for chrooted access

Associating SELinux mappings based on access

Tuning SSH SELinux rules

Enabling multi-tenancy on the user level

File sharing through NFS

Setting up basic NFS

Enabling NFS support

Tuning the NFS SELinux rules

Using context mounts

Working with labeled NFS

Comparing Samba with NFS

Summary
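Chapter 2 of the outline above ("Reading SELinux denials", "USER_AVC", "Using ausearch", "Using audit2why", "Creating policies using audit2allow" in chapter 8) is about turning raw audit records into something an administrator can act on. The following is an added example, not code from the book or from the SELinux project: it parses kernel AVC and userspace USER_AVC records from audit log text, keeps the audit serial number (so the matching SYSCALL/PATH records can be pulled with ausearch), distinguishes denials that were actually enforced from those logged in permissive mode, and groups them the way audit2allow does before it proposes rules. The audit lines are constructed for the example; the record field layout is the one the kernel and SELinux-aware daemons write. The rule-suggestion function shows the audit2allow-style output to read, not to load: the httpd_t to user_home_t denial in the sample is the classic case where relabeling content (httpd_sys_content_t) or a boolean is the right fix, not a wider allow rule.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records (not a real capture). The layout follows the
# kernel's AVC record format and the USER_AVC format emitted by SELinux-aware
# daemons such as systemd. The SYSCALL line shares serial 458 with the third
# AVC record and is deliberately not an AVC record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1480534260.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1480534261.456:457): avc:  denied  { read open } for  pid=1234 comm="httpd" path="/home/www/index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1480534262.789:458): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1480534262.789:458): arch=c000003e syscall=42 success=yes exit=0 comm="httpd" subj=system_u:system_r:httpd_t:s0
type=USER_AVC msg=audit(1480534263.000:459): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=0 gid=0 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system permissive=0 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
"""

AVC_RE = re.compile(r"avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\)")


@dataclass(frozen=True)
class AvcRecord:
    serial: int
    record_type: str       # "AVC" (kernel) or "USER_AVC" (userspace object manager)
    decision: str          # "denied" or "granted"
    permissions: frozenset
    scontext: str
    tcontext: str
    tclass: str
    permissive: bool       # True when the denial was logged but not enforced
    comm: str


def context_type(ctx):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % ctx)
    return parts[2]


def parse_avc_records(text):
    """Parse AVC and USER_AVC records out of raw audit log text.

    Lines without an 'avc:' decision (SYSCALL, CWD, PATH, ...) are skipped; they
    belong to the same event and can be fetched by serial with ausearch.
    """
    records = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        kv = {}
        for k, v in KV_RE.findall(line):
            kv.setdefault(k, v.strip('"'))  # first occurrence wins (outer fields)
        serial_m = SERIAL_RE.search(line)
        if serial_m is None or "scontext" not in kv or "tcontext" not in kv:
            continue  # malformed record: skip rather than guess
        records.append(AvcRecord(
            serial=int(serial_m.group("serial")),
            record_type=kv.get("type", "AVC"),
            decision=m.group("decision"),
            permissions=frozenset(m.group("perms").split()),
            scontext=kv["scontext"],
            tcontext=kv["tcontext"],
            tclass=kv.get("tclass", ""),
            permissive=kv.get("permissive", "0") == "1",
            comm=kv.get("comm", ""),
        ))
    return records


def summarize(records, include_permissive=True):
    """Group denied permissions by (source type, target type, object class)."""
    summary = defaultdict(set)
    for r in records:
        if r.decision != "denied":
            continue
        if r.permissive and not include_permissive:
            continue
        key = (context_type(r.scontext), context_type(r.tcontext), r.tclass)
        summary[key].update(r.permissions)
    return dict(summary)


def suggest_allow_rules(summary):
    """Render the allow rules audit2allow would propose for each grouped denial.

    Read these before acting: a denial often means a mislabeled file or a
    boolean to flip, and a raw allow rule widens the domain permanently.
    """
    rules = []
    for (stype, ttype, tclass), perms in sorted(summary.items()):
        rules.append("allow %s %s:%s { %s };" % (stype, ttype, tclass, " ".join(sorted(perms))))
    return rules


if __name__ == "__main__":
    recs = parse_avc_records(SAMPLE_AUDIT_LOG)
    for r in recs:
        mode = "permissive" if r.permissive else "enforced"
        print(r.serial, r.record_type, r.comm or "-", sorted(r.permissions), r.tclass, mode)
    for rule in suggest_allow_rules(summarize(recs)):
        print(rule)
```

Feed it real input with something like `ausearch -m AVC,USER_AVC -ts today` piped to the script; pass `include_permissive=False` to `summarize` when you only want the denials that actually blocked something, which is what matters when deciding whether a service is broken in enforcing mode.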
