SELinux by Example: Using Security Enhanced Linux [Paperback]

Frank Mayer (Author), Karl MacMillan (Author), David Caplan (Author)

Book Description

Publication Date: August 6, 2006 | ISBN-10: 0131963694 | ISBN-13: 978-0131963696 | Edition: 1

SELinux: Bring World-Class Security to Any Linux Environment!

 

SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel—and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions—it’s easier than ever to take advantage
of its benefits.

 

SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies— including the powerful new Reference Policy—showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.

 

• Thoroughly understand SELinux’s access control and security mechanisms

• Use SELinux to construct secure systems from the ground up

• Gain fine-grained control over kernel resources

• Write policy statements for type enforcement, roles, users, and constraints

• Use optional multilevel security to enforce information classification and manage users with diverse clearances

• Create conditional policies that can be changed on-the-fly

• Define, manage, and maintain SELinux security policies

• Develop and write new SELinux security policy modules

• Leverage emerging SELinux technologies to gain even greater flexibility

• Effectively administer any SELinux system

Editorial Reviews

Review

"The three authors are well versed in the topic and comprise the best team to write on SELinux that you could find. Even though it is written as a straightforward text - as opposed to a study guide - I appreciate how each chapter ends with a summary and then exercises to reinforce what you've just finished reading. "--Emmett Dulaney, Editor, UnixReview.com

 

"This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you. "--Ryan Maple, Reviewer, LinuxSecurity.com

From the Back Cover

SELinux: Bring World-Class Security to Any Linux Environment!

 

SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel—and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions—it’s easier than ever to take advantage
of its benefits.

 

SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies— including the powerful new Reference Policy—showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.

 

• Thoroughly understand SELinux’s access control and security mechanisms

• Use SELinux to construct secure systems from the ground up

• Gain fine-grained control over kernel resources

• Write policy statements for type enforcement, roles, users, and constraints

• Use optional multilevel security to enforce information classification and manage users with diverse clearances

• Create conditional policies that can be changed on-the-fly

• Define, manage, and maintain SELinux security policies

• Develop and write new SELinux security policy modules

• Leverage emerging SELinux technologies to gain even greater flexibility

• Effectively administer any SELinux system

--This text refers to an out of print or unavailable edition of this title.

See all Editorial Reviews

Product Details

• Paperback: 456 pages
• Publisher: Prentice Hall; 1 edition (August 6, 2006)
• Language: English
• ISBN-10: 0131963694
• ISBN-13: 978-0131963696
• Product Dimensions: 7 x 0.9 x 9.2 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #453,786 in Books (See Top 100 in Books)
  • #81 in Books > Computers & Technology > Operating Systems > Linux > Networking & System Administration

More About the Author

Discover books, learn about writers, read author blogs, and more.

Most Helpful Customer Reviews

16 of 16 people found the following review helpful

3.0 out of 5 stars Great grounding but going out of date quickly January 3, 2008

By Christian R. Unger

Format:Paperback

SELinux by Example is not my first venture into learning about SELinux, but in fact my second. My first was the study guide for the RedHat SELinux Exam (which you only get if you pay for the course, so i realise it is not a cheap option). While the Red Hat material is very limited (to be covered in 4 days and with the aim of preparing you for an exam) it has three gleaming advantages:
1) it is current
2) the exercises are practical and come with solution in the book; and
3) there are nowhere near as many mistakes.

So let's cut to the downsides of this book:
1) it's dated (now in 2008)
2) there are mistakes, many mistakes but thankfully most are obvious
3) there are no easily accessible answers. They might be online, but so far i have not found them...

So that sounds pretty bad, but actually the book is very good, mainly because of its depth. It seems to go through the entire beast that is SELinux, using non-contrived examples of policy. Unfortunately it does not help you in administering your system all that much (though there is a chapter devoted to this). The reason for this is simple: this book aims to tell you how SELinux works, rather than how to use it. In other words, this book needs to be read together with something more practical. The practical content of the book is probably confined to the last two chapters which amounts to just shy of 70 pages out of 425 including index.

Honestly, i am torn on this: on the one hand i'm disappointed about how out of date the book has gotten, and how quickly, but at the same time i understand: SELinux is still evolving significantly AND how distro's are using it is still evolving.... Just see some of the references where the book acknowledges its shortcomings: The authors know where things are headed, they know their stuff. Which on the other side of the spectrum is why this book is so good as an introduction: you cover everything, you have a really solid background of the area, but you are left wanting more, you are left wanting ... well >practical< examples, rather than the examples in the text.

I would recommend that anyone wanting to get into using SELinux get material of their distro's support site (Red Hat / Fedora have guides and links to other materials which are excellent and free) and use those materials with this book. I have yet to find a source that ties all of SELinux together so well, but at the same time, there is the sensation that this material will need a revision very soon.

One last issue is that the book is a little too formulaic. The text will inform you there is a summary of syntax on page X, where X is the page you are on and the summary is the next paragraph. It just rubs me the wrong way, it is pointing out the obvious, it is adding volume where none is needed. The text is concise, but for some reason it seems the authors want to add bloat and volume when otherwise they get right to the point.

In conclusion, consider this book a foundation, even if its not as current as you might want (and those issues are related more to module based policy writing which is covered in sufficient depths, especially because examples are included with your SELinux policy anyway), and read it with the man pages and the documentation you get with your distro and you'll be fine. Read more ›

4 of 4 people found the following review helpful

5.0 out of 5 stars is it germane to your usage of linux? September 15, 2006

By W Boudville HALL OF FAMETOP 500 REVIEWERVINE™ VOICE

Format:Paperback

If you are a linux or unix user, then you're probably pretty familiar with the permissions settings on files. It's a basic methodology that is essentially unchanged over 20 years or more or unix development. But its shortcomings have been just as well known to unix experts over that time.

What Mayer et al demonstrate is that the latest linux 2.6 has a very interesting add-on. SELinux. It is incorporated by default. So if you're running linux 2.6, it's been present all along, hidden in the background. The book describes what it offers. A vastly improved and very granular security model. Based on the concept of type enforcement. It goes way beyond earlier implementations of Mandatory Access Control.

The book can be heavy sledding if all this is new to you. Luckily, it describes a neat GUI tool, apol, that you can run as root. It can greatly assist understanding the use and making of rules.

Most users and sysadmins of linux machines might still not require the active use of SELinux. There is a considerable investment in time needed, to understand and use it. Plus, most of the examples cited in the book refer to government or classified contexts. Outside these, you have to really ask yourself if it's germane to you.

1 of 1 people found the following review helpful

4.0 out of 5 stars Good and indepth, but a little outdated May 5, 2009

By Matthew E. Coleman

Format:Paperback

This book offers a lot of information on the subject, and seems to focus generally on policy writing. However, there are a lot of new features in the newer Fedora Cores that it doesn't cover very well. Also, it talks about a lot of issues that, as long as you don't have a super old system, don't really matter anymore.

2.0 out of 5 stars Not well written October 11, 2011

By Bradley Goodman

Format:Paperback|Amazon Verified Purchase

I'm about a hundred pages into the book. I am still completely confused. If this book was intended to describe SELinux "by Example" it certainly hasn't. Furthermore, it seems to be a bit out of date, focusing on old distributions like Fedora Core 5. It appears to place a lot of focus on more obscure tools (written by the author and the author's company) as opposed to the more "standard" tools which are included in standard distributions.

3 of 5 people found the following review helpful

4.0 out of 5 stars Policies, policies, policies December 4, 2006

By Nils Valentin

Format:Paperback

--- DISCLAIMER: This is a requested review by PTR, however any opinions expressed within the review are my personal ones. ---

The book SbE comes in 3 parts and additionally with 45 page strong Appendix
containing more detailed information where to get additonal information from.

Part I - A general overview (p. 1-55)
Part II - The SELinux Policy language (p. 57-236)
Part III - Creating and writing SELinux Security Policies (p. 237 - 362)
Appendix A (p. 364 - 409)

The book is mainly about policies itself and how to implement them.
Writing those policies is most of the time a time intensive and error prone task.

Readers planning on understanding SELinux should bring some time with them to fully understand and appreciate
the examples given for the "example" policy (f.e. strict or targeted) and the "reference" policy.

Whats going to prove useful is the hints given towards which trade-offs you may need to take when deciding
f.e. to use the strict policy. While the topic itself might seem dry for many readers the book will prove
useful for those genuinely interested.

The book does describe the most useful tools to put the reader straight on track and avoid loosing time.
The lovely prepared useful details like the 17 page index are a nice feature you will find yourself refering
to when in need. Some readers might find that they better leave the setup of SELinux to professional service
companies, but still the book serves to get an understanding what you can and possibly cant do with SELinux.

The article "Secure Linux - security kit review" from Hakin9's online library serves as a nice compliment to the book.