Contents of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml

Revision 1.10
Sat Mar 26 23:29:55 2011 UTC (3 years, 7 months ago) by zorry
Branch: MAIN
Changes since 1.9: +99 -67 lines
File MIME type: application/xml
Update the selinux docs

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE book SYSTEM "/dtd/book.dtd">

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.9 2010/06/25 16:07:19 pebenito Exp $ -->

<book link="selinux-handbook.xml" disclaimer="draft">
<title>Gentoo SELinux Handbook</title>

<author title="Author">
<mail link="pebenito@gentoo.org">Chris PeBenito</mail>
</author>
<author title="Author">
<mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
</author>
<author title="Author">
Chris Richards
</author>

<abstract>
This is the Gentoo SELinux Handbook.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
<license/>

<version>3.00</version>
<date>2010-12-01</date>

<part>
<title>Introduction to Gentoo/Hardened SELinux</title>
<abstract>
In this part we cover what SELinux is and how it is positioned within the
Gentoo/Hardened project.
</abstract>

<chapter>
<title>Enhancing Linux Security</title>
<abstract>
Security is more than enabling a certain framework or installing a different
Linux kernel. It is a way of working with and administering your Gentoo Linux
system. We cover a few (generic) best practices, and then elaborate on what
Mandatory Access Control is and how SELinux fills in this gap.
</abstract>
<include href="hb-intro-enhancingsecurity.xml"/>
</chapter>

<chapter>
<title>SELinux Concepts</title>
<abstract>
To be able to properly work with SELinux, it is vital that you understand a few
of its concepts like domains, domain transitions and file contexts. Without
a basic understanding of these aspects, it will be difficult to understand
how SELinux policies work and how to troubleshoot if things go wrong.
</abstract>
<include href="hb-intro-concepts.xml"/>
</chapter>

<chapter>
<title>The SELinux (Reference) Policy</title>
<abstract>
To streamline SELinux policy development, a reference policy is being developed
that is used by all SELinux-supporting distributions. In this chapter we give
some background on what this reference policy is and why it was created, but
also how this policy functions and how its development is progressing. We also
cover the basics of SELinux policies in general.
</abstract>
<include href="hb-intro-referencepolicy.xml"/>
</chapter>

<!--
Removed for the time being, not critical.
Moved to next major version of handbook.

<chapter>
<title>SELinux Virtual Machine Support</title>
<abstract>
SELinux support is being actively integrated in libvirt and other
virtualization frameworks to elevate the security of virtualized
environments. Within this chapter we give you a first introduction
on how this is done for libvirt managed environments and what you need to take
into account if you wish to use SELinux within your virtualized environment.
</abstract>
<include href="hb-intro-virtualization.xml"/>
</chapter>
-->
</part>

<part>
<title>Using Gentoo/Hardened SELinux</title>
<abstract>
With the theory behind us, let us start by installing Gentoo/Hardened
with a SELinux kernel as well as the SELinux tools.
</abstract>

<chapter>
<title>Gentoo SELinux Installation / Conversion</title>
<abstract>
To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
the correct Hardened profile (or convert to the Hardened profile) and then
update your system to become a SELinux-managed system. This chapter will guide
you through this process.
</abstract>
<include href="hb-using-install.xml"/>
</chapter>

<chapter>
<title>SELinux Commands</title>
<abstract>
Before we start with SELinux, we first take a step back and get to know a few
commands. As we are currently running a SELinux-enabled system (but in
permissive mode) we can now get acquainted with the various SELinux-specific
commands.
</abstract>
<include href="hb-using-commands.xml"/>
</chapter>

<chapter>
<title>Running in Permissive Mode</title>
<abstract>
Once SELinux is active, we first start by running the system in permissive mode.
In this chapter, we tell you how to get acquainted with SELinux more in-depth
with live command information, but without interfering with the standard access
controls (i.e. in permissive mode).
</abstract>
<include href="hb-using-permissive.xml"/>
</chapter>

<chapter>
<title>Switching to Enforcing Mode</title>
<abstract>
Once you believe that the system can be run in enforcing mode, we switch the
system to verify if this is true. Once verified, the next step is to (re)boot in
enforcing mode. Finally, if we are confident that enforcing mode is working
properly and that the system is still doing its job correctly, we lock the
enforcing mode so that it can no longer be disabled.
</abstract>
<include href="hb-using-enforcing.xml"/>
</chapter>

<chapter>
<title>Adding SELinux Policy Modules</title>
<abstract>
Far from all packages for which SELinux policy modules are available have a
corresponding package in Gentoo/Hardened. In this chapter, we help you to add
more modules yourself or create your own modules for those packages that have no
SELinux policies yet.
</abstract>
<include href="hb-using-policymodules.xml"/>
</chapter>
</part>

<part>
<title>Appendices</title>
<abstract>
Additional resources and referenced materials within this book are mentioned in
this appendix.
</abstract>

<chapter>
<title>Troubleshooting SELinux</title>
<abstract>
Everything made by a human can and will fail. In this chapter we will try to
keep track of all potential issues you might come across and how to resolve
them.
</abstract>
<include href="hb-appendix-troubleshoot.xml"/>
</chapter>

<chapter>
<title>SELinux Reference Material</title>
<abstract>
This Gentoo Hardened SELinux handbook gives a first introduction to SELinux and
how it is integrated in Gentoo Hardened. But more seasoned administrators will
most definitely want to read up on the more advanced uses (and managerial
challenges) of SELinux - which we definitely recommend. A non-exhaustive list is
compiled in this chapter.
</abstract>
<include href="hb-appendix-reference.xml" />
</chapter>
</part>

</book>
