/[gentoo]/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml
Gentoo

Contents of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.15 - (hide annotations) (download) (as text)
Tue Apr 10 20:19:19 2012 UTC (2 years, 6 months ago) by swift
Branch: MAIN
Changes since 1.14: +0 -0 lines
File MIME type: application/xml
Fix various bugs as reported by Phajdan-jr (#411365, #411005 and #411377)

1 pebenito 1.1 <?xml version='1.0' encoding='UTF-8'?>
2     <!DOCTYPE book SYSTEM "/dtd/book.dtd">
3    
4 swift 1.14 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.11 2011/04/25 20:12:59 zorry Exp $ -->
5 pebenito 1.1
6 nimiux 1.13 <book>
7 pebenito 1.1 <title>Gentoo SELinux Handbook</title>
8    
9     <author title="Author">
10     <mail link="pebenito@gentoo.org">Chris PeBenito</mail>
11     </author>
12 zorry 1.10 <author title="Author">
13     <mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
14     </author>
15 pebenito 1.9 <author title="Author">
16     Chris Richards
17     </author>
18    
19 pebenito 1.1 <abstract>
20 pebenito 1.5 This is the Gentoo SELinux Handbook.
21 pebenito 1.1 </abstract>
22    
23     <!-- The content of this document is licensed under the CC-BY-SA license -->
24     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
25     <license/>
26    
27 swift 1.12 <version>4</version>
28     <date>2011-09-18</date>
29 pebenito 1.1
30     <part>
31 zorry 1.10 <title>Introduction to Gentoo/Hardened SELinux</title>
32 pebenito 1.1 <abstract>
33 zorry 1.10 In this part we cover what SELinux is and how it is positioned within the
34     Gentoo/Hardened project.
35 pebenito 1.1 </abstract>
36    
37     <chapter>
38 zorry 1.10 <title>Enhancing Linux Security</title>
39 pebenito 1.1 <abstract>
40 zorry 1.10 Security is more than enabling a certain framework or installing a different
41     Linux kernel. It is a way of working / administrating your Gentoo Linux system.
42     We cover a few (generic) best practices, and then elaborate on what Mandatory
43     Access Control is and how SELinux fills in this gap.
44 pebenito 1.1 </abstract>
45 zorry 1.10 <include href="hb-intro-enhancingsecurity.xml"/>
46 pebenito 1.1 </chapter>
47    
48     <chapter>
49 zorry 1.10 <title>SELinux Concepts</title>
50 pebenito 1.1 <abstract>
51 zorry 1.10 To be able to properly work with SELinux, it is vital that you understand a few
52     of its concepts like domains, domain transitions and file contexts. Without
53     a basic understanding of these aspects, it will be difficult to understand
54     how SELinux policies work and how to troubleshoot if things go wrong.
55 pebenito 1.1 </abstract>
56 zorry 1.10 <include href="hb-intro-concepts.xml"/>
57 pebenito 1.1 </chapter>
58 zorry 1.10
59 pebenito 1.1 <chapter>
60 swift 1.12 <title>SELinux Resources</title>
61     <abstract>
62     To get more acquainted with SELinux, many resources exist on the Internet.
63     In this chapter we give a quick overview of the various resources as well
64     as places where you can get more help when you are fighting with SELinux.
65     </abstract>
66     <include href="hb-intro-resources.xml"/>
67     </chapter>
68    
69     <!--
70     <chapter>
71 zorry 1.10 <title>The SELinux (Reference) Policy</title>
72 pebenito 1.1 <abstract>
73 zorry 1.10 To streamline SELinux policy development, a reference policy is being developed
74     that is used by all SELinux-supporting distributions. In this chapter we give
75     some intel on what this reference policy is and why it is brought to life, but
76     also how this policy functions and how its development is progressing. We also
77     cover the basics on SELinux policies in general.
78 pebenito 1.1 </abstract>
79 zorry 1.10 <include href="hb-intro-referencepolicy.xml"/>
80 pebenito 1.1 </chapter>
81 zorry 1.10
82 pebenito 1.1 <chapter>
83 zorry 1.10 <title>SELinux Virtual Machine Support</title>
84 pebenito 1.1 <abstract>
85 zorry 1.10 SELinux support is being actively integrated in libvirt and other
86     virtualization frameworks to elevate the security of virtualized
87     environments. Within this chapter we give you a first introduction
88     on how this is done for libvirt managed environments and what you need to take
89     into account if you wish to use SELinux within your virtualized environment.
90 pebenito 1.1 </abstract>
91 zorry 1.10 <include href="hb-intro-virtualization.xml"/>
92 pebenito 1.1 </chapter>
93 zorry 1.10 -->
94 pebenito 1.1 </part>
95    
96     <part>
97 zorry 1.10 <title>Using Gentoo/Hardened SELinux</title>
98 pebenito 1.1 <abstract>
99 zorry 1.10 With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
100     with a SELinux kernel as well as the SELinux tools.
101 pebenito 1.1 </abstract>
102 zorry 1.10
103 pebenito 1.1 <chapter>
104 zorry 1.10 <title>Gentoo SELinux Installation / Conversion</title>
105 pebenito 1.1 <abstract>
106 zorry 1.10 To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
107     the correct Hardened profile (or convert to the Hardened profile) and then
108     update your system to become a SELinux-managed system. This chapter will guide
109     you through this process.
110 pebenito 1.1 </abstract>
111 zorry 1.10 <include href="hb-using-install.xml"/>
112 pebenito 1.1 </chapter>
113 zorry 1.10
114 pebenito 1.1 <chapter>
115 swift 1.12 <title>Configuring SELinux For Your Needs</title>
116     <abstract>
117     With SELinux now "installed" and enabled (although in permissive mode), we now
118     configure it to suit your particular needs. After all, SELinux is a Mandatory
119     Access Control system where you, as security administrator, define what is
120     allowed and what not.
121     </abstract>
122     <include href="hb-using-configuring.xml"/>
123     </chapter>
124    
125     <chapter>
126 zorry 1.10 <title>SELinux Commands</title>
127 pebenito 1.1 <abstract>
128 swift 1.12 Let's take a step back and get to know a few more commands. We covered most of
129     them in the previous section, but we will now dive a bit deeper in its
130     syntax, features and potential pitfalls.
131 pebenito 1.1 </abstract>
132 zorry 1.10 <include href="hb-using-commands.xml"/>
133 pebenito 1.1 </chapter>
134 zorry 1.10
135 pebenito 1.1 <chapter>
136 swift 1.12 <title>Permissive, Unconfined, Disabled or What Not...</title>
137 pebenito 1.1 <abstract>
138 swift 1.12 Your system can be in many SELinux states. In this chapter, we help you switch
139     between the various states / policies.
140 pebenito 1.1 </abstract>
141 swift 1.12 <include href="hb-using-states.xml"/>
142 pebenito 1.1 </chapter>
143 zorry 1.10
144 pebenito 1.4 <chapter>
145 swift 1.12 <title>Modifying the Gentoo Hardened SELinux Policy</title>
146 pebenito 1.8 <abstract>
147 swift 1.12 Gentoo Hardened offers a default policy, but this might not allow what you want
148     (or allows too much). In this chapter we tell you how you can tweak Gentoo's
149     policy, or even run your own.
150 pebenito 1.8 </abstract>
151 swift 1.12 <include href="hb-using-policies.xml"/>
152 pebenito 1.8 </chapter>
153 zorry 1.10
154 pebenito 1.8 <chapter>
155 swift 1.12 <title>Troubleshooting SELinux</title>
156 pebenito 1.8 <abstract>
157 swift 1.12 Everything made by a human can and will fail. In this chapter we will try to
158     keep track of all potential issues you might come across and how to resolve
159     them.
160 pebenito 1.8 </abstract>
161 swift 1.12 <include href="hb-using-troubleshoot.xml"/>
162 pebenito 1.4 </chapter>
163 pebenito 1.1 </part>
164    
165 swift 1.12 <!--
166 pebenito 1.1 <part>
167 swift 1.12 <title>Advanced SELinux</title>
168 pebenito 1.1 <abstract>
169 swift 1.12 SELinux can be much more integrated in the system. In this part, we describe how
170     to enhance SELinux configurations, tuning and securing your system even more.
171 pebenito 1.1 </abstract>
172 zorry 1.10
173 pebenito 1.1 <chapter>
174 swift 1.12 <title>Working with MLS</title>
175     <abstract>
176     ...
177     </abstract>
178     <include href="hb-advanced-mls.xml"/>
179     </chapter>
180    
181     <chapter>
182     <title>Using s(ecure) Virt(ualization)</title>
183 pebenito 1.1 <abstract>
184 swift 1.12 ...
185 pebenito 1.1 </abstract>
186 swift 1.12 <include href="hb-advanced-svirt.xml"/>
187 pebenito 1.1 </chapter>
188 zorry 1.10
189 pebenito 1.1 <chapter>
190 swift 1.12 <title>Using Netlabel</title>
191 pebenito 1.1 <abstract>
192 swift 1.12 ...
193 pebenito 1.1 </abstract>
194 swift 1.12 <include href="hb-advanced-netlabel.xml"/>
195 pebenito 1.1 </chapter>
196     </part>
197 swift 1.12 -->
198 pebenito 1.1
199     </book>

  ViewVC Help
Powered by ViewVC 1.1.20