RHS429 - Red Hat Enterprise SELinux Policy Administration

Menu: Store Home | Advanced Search | Shopping Cart | Checkout

RHS429 - Red Hat Enterprise SELinux Policy Administration

RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works; how to manage SELinux; and how to write an SELinux policy. This class culiminates in a major project to scope out and then write policies for previously unprotected services.

Price:

$2,898.00

 

Item Quantity

Quantity*

Enter the appropriate quantity for this item below.

The number of students may be adjusted after the course has been added to the cart.

Course Description

RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works; how to manage SELinux; and how to write an SELinux policy. This class culiminates in a major project to scope out and then write policies for previously unprotected services.

Prerequisites:

RHS429 requires RHCE-level skills. Prerequisite skills can be shown by passing the RHCE Exam in either RH302 or RH300, or by taking

RH253 or by possessing comparable skills and knowledge.

In order to ensure that the prerequisites for RHS429 are met, you should expect to receive a high score for the RH033 and RH133 classes (36 points or more) and a moderate score for the RH253 class (24 points or more). If one or more of these scores falls below the recommended level, consider taking the related class before taking RHS429.

Goal:

Among the most significant features of Red Hat Enterprise Linux is SELinux (Security Enhanced Linux), a powerful, kernel-level security layer that provides fine-grained control over what users and processes may access and execute on a system. By default, SELinux is enabled on Red Hat Enterprise Linux systems, enforcing a set of mandatory access controls that Red Hat calls the targeted policy. These access controls substantially enhance the security of the network services they target, but can sometimes affect the behavior of third-party applications and scripts that worked under previous versions of Red Hat Enterprise Linux.
RHS429 provides a four day tutorial on SELinux and SELinux policy writing. The first day of the course provides a introduction to SELinux, how it operates within the Red Hat targeted policy, and the tools used to manipulate it. The class then will spend the remaining days learning how policies are written, compiled, and debugged.
This culminates in a project in which participants will create a set of policies from scratch for a previously unprotected service. The class will analyze the service, determining its security needs; design and implement a set of policies; test and fix the policies; document the service's new policies so that others can effectively administer the service.

Audience:

RHS429 is designed for computer security specialists and other system administrators responsible for setting and implementing security policies on a Linux computer. Applications programmers also may consider taking the course to understand how to provide a set of SELinux policies for third party applications.
Participants need not have indepth knowledge of SELinux, but should have a basic understanding of the SELinux security layer. For example, SELinux information as taught in RH133 or RH300 is

sufficient.

Course Outline
Unit 1 - Introduction to SELinux?Discretionary Access Control vs. Mandatory Access Control
  • SELinux History and Architecture Overview
  • Elements of the SELinux security model:
  • user identity and role
  • domain and type
  • sensitivity and categories
  • security context
  • SELinux Policy and Red Hat's Targeted Policy
  • Configuring Policy with Booleans
  • Archiving
  • Setting and Displaying Extended Attributes
  • Hands-on Lab: Understanding SELinux

Unit 2 - Using SELinux

  • Controlling SELinux
  • File Contexts
  • Relabeling Files and Filesystems
  • Mount options
  • Hand-on Lab: Working with SELinux
Unit 3 - The Red Hat Targeted Policy?Identifying and Toggling Protected Services
  • Apache Security Contexts and Configuration Booleans
  • Name Service Contexts and Configuration Booleans
  • NIS Client Contexts
  • Other Services
  • File Context for Special Directory Trees
  • Troubleshooting and avc Denial Messages
  • setroubleshootd and Logging
  • Hands-on Lab: Understanding and Troubleshooting the Red Hat Targeted Policy

Unit 4 - Introduction to Policies?Policy Overview and Organization
  • Compiling and Loading the Monolithic Policy and Policy Modules
  • Policy Type Enforcement Module Syntax
  • Object Classes
  • Domain Transition
  • Hands-on Lab: Understanding policies

Unit 5 - Policy Utilities
  • ?Tools available for manipulating and analyzing policies
  • apol
  • seaudit and seaudit_report
  • checkpolicy
  • sepcut
  • sesearch
  • sestatus
  • audit2allow and audit2why
  • sealert
  • avcstat
  • seinfo
  • semanage and semodule
  • Man pages
  • Hands-on Lab: Exploring Utilities
Unit 6 - User and Role Security?Role-based Access Control
  • Multi Category Security
  • Defining a Security Administrator
  • Multi-Level Security
  • The strict Policy
  • User Identification and Declaration
  • Role Identification and Declaration
  • Roles in Use in Transitions
  • Role Dominance
  • Hands-on Lab: Implementing User and Role Based Policy Restrictions

Unit 7 - Anatomy of a Policy?Policy Macros
  • Type Attributes and Aliases
  • Type Transitions
  • When and How do Files Get Labeled
  • restorecond
  • Customizable Types
  • Hands-on Lab: Building Policies

Unit 8 - Manipulating Policies?Installing and Compiling Policies
  • The Policy Language
  • Access Vector
  • SELinux logs
  • Security Identifiers - SIDs
  • Filesystem Labeling Behavior
  • Context on Network Objects
  • Creating and Using New Booleans
  • Manipulating Policy by Example
  • Macros
  • Enableaudit
  • Hands-on Lab: Compiling Policies
Unit 9 ? Project Best practices
  • Create File Contexts, Types and Typealiases
  • Edit and Create Network Contexts
  • Edit and Create Domains
  • Hands-on Lab: Editing and Writing Policy
Related Items
RH300 - RHCE Rapid Track Course with RHCSA and RHCE Exams

RH300 - RHCE Rapid Track Course with RHCSA and RHCE Exams

The RHCE Fast Track Course with RHCSA and RHCE Exams (RH300) is designed for senior Linux system administrators who want to validate their competencies by earning the RHCSA and RHCE credentials. This is a fast-paced preparation course that combines the RHCSA Fast Track Course (RH199) and System Administration III (RH254) courses, normally eight days of training, into a single four-day course. Building on the students' extensive knowledge of command line based Linux administration, the course moves very quickly through the intermediate and advanced tasks covered by lab-based knowledge checks and facilitative discussions. By the end of this course, the senior Linux administrator students will have been exposed to all the intermediate and advanced competencies tested by the RHCSA and RHCE exams. The RHCSA and RHCE exams are included with this course.

Price:

$3,600.00

Shopping Cart

There are no items in your shopping cart.

Store Search

Advanced Search

Powered By Sun Microsystems
SSL
Kryptronic Internet Software Solutions