# Posted by Mnosh on October 15, 2010 at 04:50.

Video tutorial: CBT SELinux Edition

LinuxCBT SELinux Edition is unparalleled in content, depth and expertise. It entails 11 hours, or over 1 day, of classroom training. LinuxCBT SELinux Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Let LinuxCBT SELinux Edition cost-effectively sharpen your GNU/Linux & Open Source Security skills!

Recommended Prerequisites for:

  • Any LinuxCBT Operating System Course (Classic/EL-4|5/SUSE/Debian Editions)
  • Open mind & determination to master Linux and related open-source applications
  • Basic understanding of networking concepts
  • Access to a PC to follow the exercises

SELinux Security - Module IV

  • Access Control Models
    • Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
    • Explain features & shortcomings of Discretionary Access Control (DAC) models
    • Identify key DAC-based utilities
    • Discuss the advantages & caveats of Mandatory Access Control (MAC) models
    • Explore DAC-based programs
  • SELinux - Basics
    • Discuss subjects & objects
    • Explain how SELinux is implemented in 2.6.x-based kernels
    • Confirm SELinux support in the kernel
    • Identify key SELinux packages
    • Use sestatus to obtain the current SELinux mode
    • Discuss subject & object labeling
    • Describe the 3 SELinux operating modes
    • Identify key utilities & files, which dictate the current SELinux operating mode
    • Focus on the features of SELinux permissive mode
    • Explore the boot process as it relates to SELinux
  • SELinux - Object Labeling
    • Discuss subject & object labeling
    • Discuss the role of extended attributes (XATTRs)
    • Expose the labels of specific objects
    • Alter the labels of specific objects
    • Configure SELinux to automatically label objects per security policy
    • Reset the system and confirm labels on altered objects
    • Explain security tuples
    • Use fixfiles to restore object labels on running system per security policy
  • SELinux - Type Contexts - Security Labels Applied to Objects
    • Intro to object security tuples - security labels
    • Attempt to serve HTML content using Apache in SELinux enforcing mode
    • Identify problematic object security labels
    • Serve HTML content in SELinux permissive mode
    • Use chcon to alter object security labels
    • Switch to enforcing mode & confirm the ability to serve HTML content
    • Use restorecon to restore object security context (labels)
  • SELinux - Basic Commands - Type & Domain Exposition
    • ps - reveal subjects' security context (security label) - Domains
    • ls - reveal objects' security label - Types
    • cp - preserve/inherit security labels
    • mv - preserve security labels
    • id - expose subject security label
  • SELinux - Targeted Policy - Binary
    • Explain the Targeted Policy's features
    • Discuss policy transitions for domains
    • Compare & contrast confined & unconfined states
    • Exempt Apache daemon from the auspices of the targeted policy's confined state
    • Evaluate results after exemption
    • Explain the security contexts applied to subjects & objects
    • Peruse key targeted binary policy files
    • Identify the daemons protected by the targeted policy
    • Discuss the unconfined_t domain - subject label
  • SELinux - Targeted Policy - Source
    • Install the targeted policy source files
    • Identify & discuss TE and FC files
    • Explore file_contexts - context definition for objects
    • Discuss the file context syntax
    • Explain the purpose of using run_init to initiate SELinux-protected daemons
    • Switch between permissive & enforcing modes and evaluate behavior
    • Peruse the key files in the targeted source policy
  • SELinux - Miscellaneous Utilities - Logging
    • Use tar to archive SELinux-protected objects
    • Confirm security labels on tar-archived objects
    • Use the tar substitute 'star' to archive extended attributes (XATTRs)
    • Confirm security labels on star-archived objects
    • Discuss the role of the AVC
    • Examine SELinux logs - /var/log/messages
    • Alter Syslog configuration to route SELinux messages to an ideal location
    • Use SETools, shell-based programs to output real-time statistics
    • Install & use SEAudit graphical SELinux log-management tool
  • SELinux - RedHat® Enterprise 5.x - Exploration
    • Explore configuration & key utilities
    • Transition from 'disabled' to 'permissive' mode
    • Focus on Apache web server behavior
    • Enable UserDir functionality & test content access
    • Transition to 'enforcing' mode
    • Examine Apache behavior in restricted environment
    • Adjust SELinux directives
    • Evaluate results
  • SELinux - Network Ports - Service Restrictions
    • Explore standard behavior
    • Configure new application bindings
    • Examine SELinux intervention
    • Rectify SELinux configuration for multiple services
    • Evaluate results

Download:
http://hotfile.com/list/786734/dc6326b
