Contents of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml

Revision 1.11
Mon Apr 25 20:12:59 2011 UTC (3 years, 2 months ago) by zorry
Branch: MAIN
Changes since 1.10: +1 -1 lines
File MIME type: application/xml
Update the selinux docs

1 pebenito 1.1 <?xml version='1.0' encoding='UTF-8'?>
2     <!DOCTYPE book SYSTEM "/dtd/book.dtd">
3    
4 zorry 1.10 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.9 2010/06/25 16:07:19 pebenito Exp $ -->
5 pebenito 1.1
6 zorry 1.11 <book link="selinux-handbook.xml">
7 pebenito 1.1 <title>Gentoo SELinux Handbook</title>
8    
9     <author title="Author">
10     <mail link="pebenito@gentoo.org">Chris PeBenito</mail>
11     </author>
12 zorry 1.10 <author title="Author">
13     <mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
14     </author>
15 pebenito 1.9 <author title="Author">
16     Chris Richards
17     </author>
18    
19 pebenito 1.1 <abstract>
20 pebenito 1.5 This is the Gentoo SELinux Handbook.
21 pebenito 1.1 </abstract>
22    
23     <!-- The content of this document is licensed under the CC-BY-SA license -->
24     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
25     <license/>
26    
27 zorry 1.10 <version>3.00</version>
28     <date>2010-12-01</date>
29 pebenito 1.1
30     <part>
31 zorry 1.10 <title>Introduction to Gentoo/Hardened SELinux</title>
32 pebenito 1.1 <abstract>
33 zorry 1.10 In this part we cover what SELinux is and how it is positioned within the
34     Gentoo/Hardened project.
35 pebenito 1.1 </abstract>
36    
37     <chapter>
38 zorry 1.10 <title>Enhancing Linux Security</title>
39 pebenito 1.1 <abstract>
40 zorry 1.10 Security is more than enabling a certain framework or installing a different
41     Linux kernel. It is a way of working with and administering your Gentoo Linux system.
42     We cover a few (generic) best practices, and then elaborate on what Mandatory
43     Access Control is and how SELinux fills in this gap.
44 pebenito 1.1 </abstract>
45 zorry 1.10 <include href="hb-intro-enhancingsecurity.xml"/>
46 pebenito 1.1 </chapter>
47    
48     <chapter>
49 zorry 1.10 <title>SELinux Concepts</title>
50 pebenito 1.1 <abstract>
51 zorry 1.10 To be able to properly work with SELinux, it is vital that you understand a few
52     of its concepts like domains, domain transitions and file contexts. Without
53     a basic understanding of these aspects, it will be difficult to understand
54     how SELinux policies work and how to troubleshoot if things go wrong.
55 pebenito 1.1 </abstract>
56 zorry 1.10 <include href="hb-intro-concepts.xml"/>
57 pebenito 1.1 </chapter>
58 zorry 1.10
59 pebenito 1.1 <chapter>
60 zorry 1.10 <title>The SELinux (Reference) Policy</title>
61 pebenito 1.1 <abstract>
62 zorry 1.10 To streamline SELinux policy development, a reference policy is being developed
63     that is used by all SELinux-supporting distributions. In this chapter we give
64     some insight into what this reference policy is and why it was brought to life, but
65     also how this policy functions and how its development is progressing. We also
66     cover the basics of SELinux policies in general.
67 pebenito 1.1 </abstract>
68 zorry 1.10 <include href="hb-intro-referencepolicy.xml"/>
69 pebenito 1.1 </chapter>
70 zorry 1.10
71     <!--
72     Removed for the time being, not critical.
73     Moved to next major version of handbook.
74    
75 pebenito 1.1 <chapter>
76 zorry 1.10 <title>SELinux Virtual Machine Support</title>
77 pebenito 1.1 <abstract>
78 zorry 1.10 SELinux support is being actively integrated in libvirt and other
79     virtualization frameworks to elevate the security of virtualized
80     environments. Within this chapter we give you a first introduction
81     on how this is done for libvirt managed environments and what you need to take
82     into account if you wish to use SELinux within your virtualized environment.
83 pebenito 1.1 </abstract>
84 zorry 1.10 <include href="hb-intro-virtualization.xml"/>
85 pebenito 1.1 </chapter>
86 zorry 1.10 -->
87 pebenito 1.1 </part>
88    
89     <part>
90 zorry 1.10 <title>Using Gentoo/Hardened SELinux</title>
91 pebenito 1.1 <abstract>
92 zorry 1.10 With the theory behind us, let us start by installing Gentoo/Hardened
93     with a SELinux kernel as well as the SELinux tools.
94 pebenito 1.1 </abstract>
95 zorry 1.10
96 pebenito 1.1 <chapter>
97 zorry 1.10 <title>Gentoo SELinux Installation / Conversion</title>
98 pebenito 1.1 <abstract>
99 zorry 1.10 To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
100     the correct Hardened profile (or convert to the Hardened profile) and then
101     update your system to become a SELinux-managed system. This chapter will guide
102     you through this process.
103 pebenito 1.1 </abstract>
104 zorry 1.10 <include href="hb-using-install.xml"/>
105 pebenito 1.1 </chapter>
106 zorry 1.10
107 pebenito 1.1 <chapter>
108 zorry 1.10 <title>SELinux Commands</title>
109 pebenito 1.1 <abstract>
110 zorry 1.10 Before we start with SELinux, we first take a step back and get to know a few
111     commands. As we are currently running a SELinux-enabled system (but in
112     permissive mode) we can now get acquainted with the various SELinux-specific
113     commands.
114 pebenito 1.1 </abstract>
115 zorry 1.10 <include href="hb-using-commands.xml"/>
116 pebenito 1.1 </chapter>
117 zorry 1.10
118 pebenito 1.1 <chapter>
119 zorry 1.10 <title>Running in Permissive Mode</title>
120 pebenito 1.1 <abstract>
121 zorry 1.10 Once SELinux is active, we first start by running the system in permissive mode.
122     In this chapter, we tell you how to get acquainted with SELinux more in-depth
123     with live command information, but without interfering with the standard access
124     controls (i.e. in permissive mode).
125 pebenito 1.1 </abstract>
126 zorry 1.10 <include href="hb-using-permissive.xml"/>
127 pebenito 1.1 </chapter>
128 zorry 1.10
129 pebenito 1.4 <chapter>
130 zorry 1.10 <title>Switching to Enforcing Mode</title>
131 pebenito 1.8 <abstract>
132 zorry 1.10 Once you believe that the system can be run in enforcing mode, we switch the
133     system over to verify that this is true. Once verified, the next step is to (re)boot in
134     enforcing mode. Finally, if we are confident that enforcing mode is working
135     properly and that the system is still doing its job correctly, we fix the
136     enforcing mode so that it cannot be disabled anymore.
137 pebenito 1.8 </abstract>
138 zorry 1.10 <include href="hb-using-enforcing.xml"/>
139 pebenito 1.8 </chapter>
140 zorry 1.10
141 pebenito 1.8 <chapter>
142 zorry 1.10 <title>Adding SELinux Policy Modules</title>
143 pebenito 1.8 <abstract>
144 zorry 1.10 Far from all packages for which SELinux policy modules are available have a
145     corresponding package in Gentoo/Hardened. In this chapter, we help you to add
146     more modules yourself or create your own modules for those packages that have no
147     SELinux policies yet.
148 pebenito 1.8 </abstract>
149 zorry 1.10 <include href="hb-using-policymodules.xml"/>
150 pebenito 1.4 </chapter>
151 pebenito 1.1 </part>
152    
153     <part>
154 zorry 1.10 <title>Appendices</title>
155 pebenito 1.1 <abstract>
156 zorry 1.10 Additional resources and referenced materials within this book are mentioned in
157     this appendix.
158 pebenito 1.1 </abstract>
159 zorry 1.10
160 pebenito 1.1 <chapter>
161 zorry 1.10 <title>Troubleshooting SELinux</title>
162 pebenito 1.1 <abstract>
163 zorry 1.10 Everything made by a human can and will fail. In this chapter we will try to
164     keep track of all potential issues you might come across and how to resolve
165     them.
166 pebenito 1.1 </abstract>
167 zorry 1.10 <include href="hb-appendix-troubleshoot.xml"/>
168 pebenito 1.1 </chapter>
169 zorry 1.10
170 pebenito 1.1 <chapter>
171 zorry 1.10 <title>SELinux Reference Material</title>
172 pebenito 1.1 <abstract>
173 zorry 1.10 This Gentoo Hardened SELinux handbook gives a first introduction to SELinux and
174     how it is integrated in Gentoo Hardened. But more seasoned administrators will
175     most definitely want to read up on the more advanced uses (and managerial
176     challenges) of SELinux - which we definitely recommend. A non-exhaustive list is
177     compiled in this chapter.
178 pebenito 1.1 </abstract>
179 zorry 1.10 <include href="hb-appendix-reference.xml" />
180 pebenito 1.1 </chapter>
181     </part>
182    
183     </book>
