SELinux Cookbook.:
This book covers how to build SELinux policies and the integration of the technology with other systems and looks at a wide range of examples to assist in creating additional policies. You will learn how to manage resource labels and fine-tune your policies to automatically handle labeling; gain ins...
Gespeichert in:
| 1. Verfasser: | |
|---|---|
| Format: | Elektronisch E-Book |
| Sprache: | English |
| Veröffentlicht: |
Packt Publishing,
2014.
|
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Zusammenfassung: | This book covers how to build SELinux policies and the integration of the technology with other systems and looks at a wide range of examples to assist in creating additional policies. You will learn how to manage resource labels and fine-tune your policies to automatically handle labeling; gain insight into how to tune the web server SELinux policy for secure web application hosting; confine desktop applications through custom-built policies; protect a server's assets by creating your own service-specific SELinux policies; discover how to restrict users without hindering them by installing role-based access control; troubleshoot and debug the behavior of SELinux-enabled applications. -- |
| Beschreibung: | 1 online resource |
| ISBN: | 9781783989676 178398967X 1322152993 9781322152998 |
Internformat
MARC
| LEADER | 00000cam a2200000 a 4500 | ||
|---|---|---|---|
| 001 | ZDB-4-EBA-ocn892045654 | ||
| 003 | OCoLC | ||
| 005 | 20241004212047.0 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 141003s2014 xx o 000 0 eng d | ||
| 040 | |a IDEBK |b eng |e pn |c IDEBK |d EBLCP |d OCLCQ |d N$T |d OCLCQ |d COO |d OCLCF |d YDXCP |d STF |d B24X7 |d OCLCQ |d TEFOD |d OCLCQ |d FEM |d AGLDB |d ICA |d XFH |d MERUC |d OCLCQ |d OCLCO |d D6H |d OCLCQ |d OCLCO |d VNS |d VTS |d OCLCQ |d OCLCO |d UKAHL |d OCLCQ |d OCLCO |d OCLCQ |d OCLCO |d OCLCL |d OCLCQ | ||
| 019 | |a 907286337 |a 968109824 |a 969029208 |a 994403514 | ||
| 020 | |a 9781783989676 |q (electronic bk.) | ||
| 020 | |a 178398967X |q (electronic bk.) | ||
| 020 | |a 1322152993 |q (electronic bk.) | ||
| 020 | |a 9781322152998 |q (electronic bk.) | ||
| 020 | |z 9781783989669 | ||
| 020 | |z 1783989661 | ||
| 035 | |a (OCoLC)892045654 |z (OCoLC)907286337 |z (OCoLC)968109824 |z (OCoLC)969029208 |z (OCoLC)994403514 | ||
| 037 | |a 2E78B78B-598A-4198-8911-56E9E463AA34 |b OverDrive, Inc. |n http://www.overdrive.com | ||
| 050 | 4 | |a QA76.76.O63 | |
| 072 | 7 | |a COM |x 046070 |2 bisacsh | |
| 072 | 7 | |a COM |x 046030 |2 bisacsh | |
| 072 | 7 | |a COM |x 088010 |2 bisacsh | |
| 082 | 7 | |a 005.432 |2 23 | |
| 049 | |a MAIN | ||
| 100 | 1 | |a Vermeulen, Sven. | |
| 245 | 1 | 0 | |a SELinux Cookbook. |
| 260 | |b Packt Publishing, |c 2014. | ||
| 300 | |a 1 online resource | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 347 | |a text file |2 rda | ||
| 588 | 0 | |a Print version record. | |
| 520 | |a This book covers how to build SELinux policies and the integration of the technology with other systems and looks at a wide range of examples to assist in creating additional policies. You will learn how to manage resource labels and fine-tune your policies to automatically handle labeling; gain insight into how to tune the web server SELinux policy for secure web application hosting; confine desktop applications through custom-built policies; protect a server's assets by creating your own service-specific SELinux policies; discover how to restrict users without hindering them by installing role-based access control; troubleshoot and debug the behavior of SELinux-enabled applications. -- |c Edited summary from book. | ||
| 505 | 0 | |a Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels. | |
| 505 | 8 | |a Configuring sensitivity categoriesChapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application''s logical design. | |
| 505 | 8 | |a Creating a skeleton policySetting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don''t need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface. | |
| 505 | 8 | |a Chapter 6: Setting Up Separate RolesIntroduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain. | |
| 505 | 8 | |a Building application-specific domains using templatesUsing fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services. | |
| 546 | |a English. | ||
| 630 | 0 | 0 | |a Linux. |0 http://id.loc.gov/authorities/names/n94087892 |
| 630 | 0 | 7 | |a Linux |2 fast |
| 650 | 0 | |a Computer networks |x Security measures. |0 http://id.loc.gov/authorities/subjects/sh94001277 | |
| 650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
| 650 | 7 | |a COMPUTERS |x Operating Systems |x Linux. |2 bisacsh | |
| 650 | 7 | |a COMPUTERS |x Operating Systems |x UNIX. |2 bisacsh | |
| 650 | 7 | |a COMPUTERS |x System Administration |x Linux & UNIX Administration. |2 bisacsh | |
| 650 | 7 | |a Computer networks |x Security measures |2 fast | |
| 776 | 0 | 8 | |i Print version: |a Vermeulen, Sven. |t SELinux cookbook : over 70 hands-on recipes to develop fully functional policies to confine your applications and users using SELinux. |d Birmingham, England : Packt Publishing, ©2014 |h iii, 224 pages |z 9781783989669 |
| 856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=853662 |3 Volltext |
| 938 | |a Askews and Holts Library Services |b ASKH |n AH27089873 | ||
| 938 | |a Books 24x7 |b B247 |n bks00093161 | ||
| 938 | |a EBL - Ebook Library |b EBLB |n EBL1797263 | ||
| 938 | |a EBSCOhost |b EBSC |n 853662 | ||
| 938 | |a ProQuest MyiLibrary Digital eBook Collection |b IDEB |n cis29836765 | ||
| 938 | |a YBP Library Services |b YANK |n 12092501 | ||
| 994 | |a 92 |b GEBAY | ||
| 912 | |a ZDB-4-EBA | ||
| 049 | |a DE-863 | ||
Datensatz im Suchindex
| DE-BY-FWS_katkey | ZDB-4-EBA-ocn892045654 |
|---|---|
| _version_ | 1816882290013241344 |
| adam_text | |
| any_adam_object | |
| author | Vermeulen, Sven |
| author_facet | Vermeulen, Sven |
| author_role | |
| author_sort | Vermeulen, Sven |
| author_variant | s v sv |
| building | Verbundindex |
| bvnumber | localFWS |
| callnumber-first | Q - Science |
| callnumber-label | QA76 |
| callnumber-raw | QA76.76.O63 |
| callnumber-search | QA76.76.O63 |
| callnumber-sort | QA 276.76 O63 |
| callnumber-subject | QA - Mathematics |
| collection | ZDB-4-EBA |
| contents | Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels. Configuring sensitivity categoriesChapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application''s logical design. Creating a skeleton policySetting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don''t need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface. Chapter 6: Setting Up Separate RolesIntroduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain. Building application-specific domains using templatesUsing fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services. |
| ctrlnum | (OCoLC)892045654 |
| dewey-full | 005.432 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.432 |
| dewey-search | 005.432 |
| dewey-sort | 15.432 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| format | Electronic eBook |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>06459cam a2200685 a 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn892045654</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cnu---unuuu</controlfield><controlfield tag="008">141003s2014 xx o 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">IDEBK</subfield><subfield code="b">eng</subfield><subfield code="e">pn</subfield><subfield code="c">IDEBK</subfield><subfield code="d">EBLCP</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">N$T</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">COO</subfield><subfield code="d">OCLCF</subfield><subfield code="d">YDXCP</subfield><subfield code="d">STF</subfield><subfield code="d">B24X7</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">TEFOD</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">FEM</subfield><subfield code="d">AGLDB</subfield><subfield code="d">ICA</subfield><subfield code="d">XFH</subfield><subfield code="d">MERUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">D6H</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">VNS</subfield><subfield code="d">VTS</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">UKAHL</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">907286337</subfield><subfield code="a">968109824</subfield><subfield code="a">969029208</subfield><subfield code="a">994403514</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781783989676</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">178398967X</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1322152993</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781322152998</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781783989669</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1783989661</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)892045654</subfield><subfield code="z">(OCoLC)907286337</subfield><subfield code="z">(OCoLC)968109824</subfield><subfield code="z">(OCoLC)969029208</subfield><subfield code="z">(OCoLC)994403514</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">2E78B78B-598A-4198-8911-56E9E463AA34</subfield><subfield code="b">OverDrive, Inc.</subfield><subfield code="n">http://www.overdrive.com</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.76.O63</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">046070</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">046030</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">088010</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.432</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Vermeulen, Sven.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">SELinux Cookbook.</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield code="b">Packt Publishing,</subfield><subfield code="c">2014.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="347" ind1=" " ind2=" "><subfield code="a">text file</subfield><subfield code="2">rda</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Print version record.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">This book covers how to build SELinux policies and the integration of the technology with other systems and looks at a wide range of examples to assist in creating additional policies. You will learn how to manage resource labels and fine-tune your policies to automatically handle labeling; gain insight into how to tune the web server SELinux policy for secure web application hosting; confine desktop applications through custom-built policies; protect a server's assets by creating your own service-specific SELinux policies; discover how to restrict users without hindering them by installing role-based access control; troubleshoot and debug the behavior of SELinux-enabled applications. --</subfield><subfield code="c">Edited summary from book.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Configuring sensitivity categoriesChapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application''s logical design.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Creating a skeleton policySetting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don''t need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Chapter 6: Setting Up Separate RolesIntroduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Building application-specific domains using templatesUsing fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services.</subfield></datafield><datafield tag="546" ind1=" " ind2=" "><subfield code="a">English.</subfield></datafield><datafield tag="630" ind1="0" ind2="0"><subfield code="a">Linux.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n94087892</subfield></datafield><datafield tag="630" ind1="0" ind2="7"><subfield code="a">Linux</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94001277</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Operating Systems</subfield><subfield code="x">Linux.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Operating Systems</subfield><subfield code="x">UNIX.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">System Administration</subfield><subfield code="x">Linux & UNIX Administration.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Vermeulen, Sven.</subfield><subfield code="t">SELinux cookbook : over 70 hands-on recipes to develop fully functional policies to confine your applications and users using SELinux.</subfield><subfield code="d">Birmingham, England : Packt Publishing, ©2014</subfield><subfield code="h">iii, 224 pages</subfield><subfield code="z">9781783989669</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=853662</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">AH27089873</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Books 24x7</subfield><subfield code="b">B247</subfield><subfield code="n">bks00093161</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBL - Ebook Library</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL1797263</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">853662</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest MyiLibrary Digital eBook Collection</subfield><subfield code="b">IDEB</subfield><subfield code="n">cis29836765</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">12092501</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection> |
| id | ZDB-4-EBA-ocn892045654 |
| illustrated | Not Illustrated |
| indexdate | 2024-11-27T13:26:15Z |
| institution | BVB |
| isbn | 9781783989676 178398967X 1322152993 9781322152998 |
| language | English |
| oclc_num | 892045654 |
| open_access_boolean | |
| owner | MAIN DE-863 DE-BY-FWS |
| owner_facet | MAIN DE-863 DE-BY-FWS |
| physical | 1 online resource |
| psigel | ZDB-4-EBA |
| publishDate | 2014 |
| publishDateSearch | 2014 |
| publishDateSort | 2014 |
| publisher | Packt Publishing, |
| record_format | marc |
| spelling | Vermeulen, Sven. SELinux Cookbook. Packt Publishing, 2014. 1 online resource text txt rdacontent computer c rdamedia online resource cr rdacarrier text file rda Print version record. This book covers how to build SELinux policies and the integration of the technology with other systems and looks at a wide range of examples to assist in creating additional policies. You will learn how to manage resource labels and fine-tune your policies to automatically handle labeling; gain insight into how to tune the web server SELinux policy for secure web application hosting; confine desktop applications through custom-built policies; protect a server's assets by creating your own service-specific SELinux policies; discover how to restrict users without hindering them by installing role-based access control; troubleshoot and debug the behavior of SELinux-enabled applications. -- Edited summary from book. Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels. Configuring sensitivity categoriesChapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application''s logical design. Creating a skeleton policySetting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don''t need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface. Chapter 6: Setting Up Separate RolesIntroduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain. Building application-specific domains using templatesUsing fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services. English. Linux. http://id.loc.gov/authorities/names/n94087892 Linux fast Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Operating Systems Linux. bisacsh COMPUTERS Operating Systems UNIX. bisacsh COMPUTERS System Administration Linux & UNIX Administration. bisacsh Computer networks Security measures fast Print version: Vermeulen, Sven. SELinux cookbook : over 70 hands-on recipes to develop fully functional policies to confine your applications and users using SELinux. Birmingham, England : Packt Publishing, ©2014 iii, 224 pages 9781783989669 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=853662 Volltext |
| spellingShingle | Vermeulen, Sven SELinux Cookbook. Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels. Configuring sensitivity categoriesChapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application''s logical design. Creating a skeleton policySetting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don''t need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface. Chapter 6: Setting Up Separate RolesIntroduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain. Building application-specific domains using templatesUsing fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services. Linux. http://id.loc.gov/authorities/names/n94087892 Linux fast Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Operating Systems Linux. bisacsh COMPUTERS Operating Systems UNIX. bisacsh COMPUTERS System Administration Linux & UNIX Administration. bisacsh Computer networks Security measures fast |
| subject_GND | http://id.loc.gov/authorities/names/n94087892 http://id.loc.gov/authorities/subjects/sh94001277 |
| title | SELinux Cookbook. |
| title_auth | SELinux Cookbook. |
| title_exact_search | SELinux Cookbook. |
| title_full | SELinux Cookbook. |
| title_fullStr | SELinux Cookbook. |
| title_full_unstemmed | SELinux Cookbook. |
| title_short | SELinux Cookbook. |
| title_sort | selinux cookbook |
| topic | Linux. http://id.loc.gov/authorities/names/n94087892 Linux fast Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Operating Systems Linux. bisacsh COMPUTERS Operating Systems UNIX. bisacsh COMPUTERS System Administration Linux & UNIX Administration. bisacsh Computer networks Security measures fast |
| topic_facet | Linux. Linux Computer networks Security measures. Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Operating Systems Linux. COMPUTERS Operating Systems UNIX. COMPUTERS System Administration Linux & UNIX Administration. Computer networks Security measures |
| url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=853662 |
| work_keys_str_mv | AT vermeulensven selinuxcookbook |