tailieunhanh - SELinux

Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD. | SELinux SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD. SELinux What is SELinux? A kernel level MAC (Mandatory Access Control) implementation for Linux Originally commissioned and built by/for the NSA A head-ache for the uninitiated Very effective if done right Not the usual case BTW One of three well known MAC implementations Trusted Solaris Mainframe “Top Secret” and RACF. Top Secret is a product of Computer Associates RACF – Resource Access Control Facility RACF is the access control system used by IBM on its mainframe line of computers SELinux Access Control Philosophies MAC: Mandatory Access Control Cannot be worked around I own it, not you. Ex: Directory . | SELinux SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD. SELinux What is SELinux? A kernel level MAC (Mandatory Access Control) implementation for Linux Originally commissioned and built by/for the NSA A head-ache for the uninitiated Very effective if done right Not the usual case BTW One of three well known MAC implementations Trusted Solaris Mainframe “Top Secret” and RACF. Top Secret is a product of Computer Associates RACF – Resource Access Control Facility RACF is the access control system used by IBM on its mainframe line of computers SELinux Access Control Philosophies MAC: Mandatory Access Control Cannot be worked around I own it, not you. Ex: Directory “Secret” is owned by “Agent”. “Agent” does not have authority to grant access to others. Only the “Owner” does. DAC: Discretionary Access Control It’s yours, do what you will. Same example: “Agent” can grant access to whomever she cares. RBAC: Role Based Access Control Depending on what your role is, maybe. If “Agent” has the correct Role, she can, otherwise she can’t. SELinux SELinux past tense. Auditing and reporting support very limited and poorly integrated in SELinux. One big ugly policy. No decent interface for managing policies. SLIDE (new tool) Building policies was a flat file hack style. Fresh files got no label. You had to comb the system to find and label them manually. Poor scalability with SMP. SELinux Recent improvements. FC4 policy now has over 120 confined domains, updates in Hardened Gentoo, and support being mainstreamed into Debian. Multi­Level Security support enhanced and mainstreamed. Audit system enhanced and increasingly integrated. RHEL5 entered into

• An ninh - Bảo mật
• Linux kernel
• Enhanced Linux
• SELinux
• Network security
• attack techniques
• defensive techniques
• operating system security
• application security
• security policy
• Linux Kernel Development
• 3rd Edition
• including its design
• implementation
• Building Embedded
• Linux Systems
• Linux Device
• Drivers Linux
• in a Nutshell Linux Network
• International Journal of Computer Science & Communication Networks
• Analysing the performance of TCP in linux kernel
• CP in linux kernel
• User system interface
• In TCP networking
• hệ điều hành linux
• linux LPI
• biên dịch kernel
• file system
• Step by step to build driver
• Application in Linux
• Building kernel module
• Adding module to kernel
• Building application
• Removing kernel module
• phần mềm Linux
• Linux Newbie Administrator Guide
• linux command
• linux server
• linux ubuntu
• mẹo cài hệ điều hành
• Understanding the Linux Kernel
• Memory Management
• Process Address Space
• Hệ điều hành Linux căn bản
• Bài giảng Hệ điều hành Linux căn bản
• Quá trình boot Linux
• Kernel image và initrd
• Tiến trình init và file inittab
• information technology
• curriculum
• Linux Security
• Kernel Synchronization
• Unix Filesystem
• khám phá linux
• mẹo sử dụng linux
• kĩ thuật viết lệnh trong windows
• thủ thuật MAC
• cài đặt windows
• Hệ điều hành Linux
• Nhân của hệ điều hành Linux
• Nhân (kernel) của Linux
• Hệ thống xử lý
• Hệ điều hành
• Hệ điều hành MSDOS
• Advanced Linux
• System Administration 1
• The Linux Kernel
• System Startup
• The Linux Filesystem
• System Maintenance
• O’Reilly Media
• Cookbook
• O’Reilly books
• Third Edition
• MySQL Web Development
• Linux Kernel in a Nutshell
• In a Nutshell
• Linux Server Hacks
• 100 industrial strength hacks
• Linux system administrators
• system monitoring tools
• secure networking solutions
• LPI 201 Intermediate Level Administration
• Intermediate Level Administration
• Hardware Management
• Linux System Startup
• Linux Filesystem
• hệ điều hành mac
• hệ điều hành windows
• nâng cấp kernel Ubuntu 11
• 04
• phát triển phần mềm
• mã nguồn mở
• lập trình trên linux
• Hệ thống quản lý
• Advanced operating systems
• Kernel applications
• Systems profiling
• Dynamic analysis multi threaded systems
• I/O prefetching
• Sequential file prefetching in linux
• Develop Linux device drivers
• C programming
• Microprocessor programming
• User space
• kernel space
• nutshell
• o’reilly
• kernel
• linux
• tagungsband
• und
• tage
• chemnitzer
• Bài giảng Mã nguồn mở
• Chức năng của nhân Linux
• Quản lý các tiến trình
• Quản lý bộ nhớ
• Lecture Advanced Operating Systems
• Bài giảng Hệ điều hành nâng cao
• Loadable kernel modules
• Linux module management
• Linux module registration
• Quản trị hệ thống Linux
• Quản lý dịch vụ mạng
• Quản lý tài nguyên mạng
• Hệ thống Linux
• Quản lý cấu hình mạng
• Khai thác shell và kernel