SELinux - Security-Enhanced Linux

Price (without VAT): 25.900 CZK

Days: 2
24. 6. - 25. 6. 2024
virtual
CZ

Although SELinux became an integral part of the Linux kernel a long time ago, system administrators remain very reserved about using it. Meanwhile, solutions to security problems and requirements are often sought by more complicated means, while elegant and easy solutions at the kernel level remain overlooked and unused. By opening up the SELinux topics, we would like to persuade the applicants that the elegance and logic of SELinux can be easily tapped, that its use can considerably increase system security, and in particular that the inherent features of SELinux can be very appealing in those domains for which it was primarily developed, e.g. the banking industry, government agencies, the army and all other institutions operating systems that require the highest level of security and work with sensitive and classified data.

Given the large number of possible scenarios of policy setting, the course is built mostly on a theoretical level. The course includes several practical examples of general solutions to problems with SELinux policy.

Audience

Especially for applicants from domains where a high level of system security, auditing, and strict, granular control of access to data are required.

In particular for:

  • system architects
  • system administrators
  • security managers and administrators
  • security auditors
  • experts and companies engaged in penetration testing and forensic research

Goals

First, the two-day course provides a systematic introduction to SELinux, the role of the SELinux policy in the Linux kernel, the structure of the policy, its customization and the creation of additional policy modules.
Second, the participants will master the knowledge and skills needed for efficient deployment of the corresponding policy, its monitoring and troubleshooting.

Outline

  • Basic distinction of DAC and MAC.
  • Integration of the FLASK architecture in the Linux kernel – Linux Security Module.
  • SELinux Policy server and its parts.
  • Policy types and their components, reference policy.
  • Subject/object relations, contexts, labelling.
  • Domains and domain transitions.
  • Type Enforcement.
  • Access Vector Cache and constraints.
  • Role Based Access Control.
  • Multi-Level Security, classified data access control.
  • Booleans, conditional executions in the policy.
  • Labelling mechanisms.
  • SELinux contexts on filesystem objects – fixed and transitional FS, generalized contexts.
  • Reference policy, structure and installation.
  • Principles of policy building – separation, encapsulation, abstraction.
  • Policy compilation – prerequisites, tools, procedures, module building.
  • Tool-sets for policy building, system monitoring and auditing.

Prerequisites

  • basic operations on the command line – bash
  • use of a text editor (vim, nano, etc.)
  • basic systems administration skills – package installation, browsing the filesystem tree
  • basic knowledge of the GNOME 3 GUI environment.
