Home . Training Schedule . Linux Support . Mail Info . Locate us . FAQ 
 
 
Announcements

RH301: Red Hat Rapid Track Certification Course from starting 06 September 2010


RH442: Red Hat Enterprise System Monitoring & Performance Tuning, 20 September 2010


RHCE Exam - Bangalore - 24 September 2010


RHS429: Red Hat Enterprise SELinux Policy Administration, 25 September 2010


RHS333: Red Hat Enterprise Security:Network Services, 18 September 2010


RH423: Red Hat Enterprise Directory Services and Authentication, 11 September 2010, Weekend Batch
 

RHS429
 Red Hat Enterprise SELinux Policy Administration
Course Duration : Four Days: 10:00 am - 5:30 pm Course Fee : Rs. 9,600/- (plus service tax)
Course Overview
RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works; how to manage SELinux; and how to write an SELinux policy. This class culiminates in a major project to scope out and then write policies for previously unprotected services.
Pre-Requisites
RHS429 requires RHCE-level skills. Prerequisite skills can be shown by passing the RHCE Exam in either RH302 or by taking RH253 or by possessing comparable skills and knowledge. SELinux information as taught in RH133 or RH301 is sufficient.
Target Audience
RHS429 is designed for computer security specialists and other system administrators responsible for setting and implementing security policies on a Linux computer. Applications programmers also may consider taking the course to understand how to provide a set of SELinux policies for third party applications.
Course Outline
  • Introduction to SELinux
    -Traditional DAC System
    -SELinux System and History
    -What SELinux Can Do and Cannot Do
    -Architecture, User Identity and Role
    -Domain / Type, Sensitivities and Categories
    -Security Context
    -What is an SELinux Policy
    -Targeted Policy; Where is the policy?
    -Policy Booleans; Security Context Information
    -Using Security Context Information
    -Access Control Example
    -Archiving tar, star, rsync; Get & Set Extended Attributes
  • Using SELinux
    -Controlling SELinux; File Contexts
    -Relabel files; Relabel a filesystem
    -Mount options for SELinux
  • The Red Hat Targeted Policy
    -Protected Services
    -Identifying & Toggling Protected Services
    -Apache; Apache Security Contexts
    -Web Content
    -Special Configuration Booleans for Apache
    -NIS Client; NIS Client Contexts
    -Some othe Services; Contexts
    -File Context for Special Directory Trees
    -Troubleshooting; denied messages, Example
    -SELinux Logging; Identify a Problem
  • Introduction to Policies
    -Installing the source RPM
    -Compiling, Loading the Monolithic Policy
    -Loading Policy Modules
    -Policy Type Enforcement Module Syntax
    -Object Classes; Domain Transition
  • Policy Utilities
    -seaudit Introduction
    -seaudit Demo: Monitor Logs & Query Policy
    -Seaudit_report, apol
    -apol DemoPolicy Components, Rules & Analysis
    -Interference of Policies with Services
    -Breakage of Services by Policies
    -checkpolicy, sesearch, sestatus, audit2allow,
    audit2why, sealert, avcstat, seinfo, semanage &
    module
  • User and Role Security
    -Role-based Access Control
    -Multi Category Security; Defining SecAdmin
    -MLS; The strict Policy; General Identification
    -User Identification, system_u, users_u & root
    -How users are Declared; Role Identification
    -How roles are Declared
    -Roles in use in Transitions; Role Dominance
  • Anatomy of a Policy
    -Policy Macros; Type Enforcement
    -Type Attributes; Type Aliases
    -Type Transitions for Objects
    -When and How do Files get Labeled?
    -Restorecond
    -Customizable Types
  • Manipulating Policies
    -Installing & Compiling Policies
    -The Policy Language; Access vector
    -SELinux logs, Security Identifiers-SIDs
    -Filesystem Labeling Behavior
    -Statements: fs_use and genfs_contexts
    -Context on network objects; Booleans
    -Examples: allow, auditallow, neverallow, dontaudit, can_exec, macros and Enableaudit
  • Project
    -Best practices; Overview of changes
    -Create File Contexts
    -Create File Types
    -Create File Typealiases
    -Edit or Create Network Contexts
    -Edit Domains
    -Create Domains
    -Create Macros


Download All Course Contents


Linux is the registered trademark of Linus Torvalds. All brand and product names are trademarks or registered trademarks of their respective companies.