hardened/selinux/selinux-handbook.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE book SYSTEM "/dtd/book.dtd">

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.15 2012/04/10 20:19:19 swift Exp $ -->

<book>
<title>Gentoo SELinux Handbook</title>

<author title="Author">
  <mail link="pebenito@gentoo.org">Chris PeBenito</mail>
</author>
<author title="Author">
  <mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
</author>
<author title="Author">
  Chris Richards
</author>

<abstract>
This is the Gentoo SELinux Handbook.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
<license/>

<version>4</version>
<date>2011-09-18</date>

<part>
<title>Introduction to Gentoo/Hardened SELinux</title>
<abstract>
In this part we cover what SELinux is and how it is positioned within the
Gentoo/Hardened project.
</abstract>

<chapter>
<title>Enhancing Linux Security</title>
<abstract>
Security is more than enabling a certain framework or installing a different
Linux kernel. It is a way of working / administrating your Gentoo Linux system.
We cover a few (generic) best practices, and then elaborate on what Mandatory 
Access Control is and how SELinux fills in this gap.
</abstract>
  <include href="hb-intro-enhancingsecurity.xml"/>
</chapter>

<chapter>
<title>SELinux Concepts</title>
<abstract>
To be able to properly work with SELinux, it is vital that you understand a few
of its concepts like domains, domain transitions and file contexts. Without 
a basic understanding of these aspects, it will be difficult to understand
how SELinux policies work and how to troubleshoot if things go wrong.
</abstract>
  <include href="hb-intro-concepts.xml"/>
</chapter>

<chapter>
<title>SELinux Resources</title>
<abstract>
To get more acquainted with SELinux, many resources exist on the Internet.
In this chapter we give a quick overview of the various resources as well
as places where you can get more help when you are fighting with SELinux.
</abstract>
  <include href="hb-intro-resources.xml"/>
</chapter>

<!-- 
<chapter>
<title>The SELinux (Reference) Policy</title>
<abstract>
To streamline SELinux policy development, a reference policy is being developed
that is used by all SELinux-supporting distributions. In this chapter we give 
some intel on what this reference policy is and why it is brought to life, but
also how this policy functions and how its development is progressing. We also
cover the basics on SELinux policies in general.
</abstract>
  <include href="hb-intro-referencepolicy.xml"/>
</chapter>

<chapter>
<title>SELinux Virtual Machine Support</title>
<abstract>
SELinux support is being actively integrated in libvirt and other
virtualization frameworks to elevate the security of virtualized
environments. Within this chapter we give you a first introduction
on how this is done for libvirt managed environments and what you need to take
into account if you wish to use SELinux within your virtualized environment.
</abstract>
  <include href="hb-intro-virtualization.xml"/>
</chapter>
-->
</part>

<part>
<title>Using Gentoo/Hardened SELinux</title>
<abstract>
With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
with a SELinux kernel as well as the SELinux tools.
</abstract>

<chapter>
<title>Gentoo SELinux Installation / Conversion</title>
<abstract>
To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
the correct Hardened profile (or convert to the Hardened profile) and then
update your system to become a SELinux-managed system. This chapter will guide
you through this process.
</abstract>
  <include href="hb-using-install.xml"/>
</chapter>

<chapter>
<title>Configuring SELinux For Your Needs</title>
<abstract>
With SELinux now "installed" and enabled (although in permissive mode), we now
configure it to suit your particular needs. After all, SELinux is a Mandatory
Access Control system where you, as security administrator, define what is
allowed and what not.
</abstract>
  <include href="hb-using-configuring.xml"/>
</chapter>

<chapter>
<title>SELinux Commands</title>
<abstract>
Let's take a step back and get to know a few more commands. We covered most of
them in the previous section, but we will now dive a bit deeper in its
syntax, features and potential pitfalls.
</abstract>
  <include href="hb-using-commands.xml"/>
</chapter>

<chapter>
<title>Permissive, Unconfined, Disabled or What Not...</title>
<abstract>
Your system can be in many SELinux states. In this chapter, we help you switch
between the various states / policies.
</abstract>
  <include href="hb-using-states.xml"/>
</chapter>

<chapter>
<title>Modifying the Gentoo Hardened SELinux Policy</title>
<abstract>
Gentoo Hardened offers a default policy, but this might not allow what you want
(or allows too much). In this chapter we tell you how you can tweak Gentoo's
policy, or even run your own.
</abstract>
  <include href="hb-using-policies.xml"/>
</chapter>

<chapter>
<title>Troubleshooting SELinux</title>
<abstract>
Everything made by a human can and will fail. In this chapter we will try to
keep track of all potential issues you might come across and how to resolve
them. 
</abstract>
  <include href="hb-using-troubleshoot.xml"/>
</chapter>

<chapter>
<title>Change History</title>
<abstract>
As documentation evolves with the technology, this handbook too sees its fair
share of changes. To allow users, who are already on SELinux, to verify if there
are any changes they need to be aware off, this chapter lists the changes in
chronological order.
</abstract>
  <include href="hb-using-changes.xml"/>
</chapter>
</part>

<!--
<part>
<title>Advanced SELinux</title>
<abstract>
SELinux can be much more integrated in the system. In this part, we describe how
to enhance SELinux configurations, tuning and securing your system even more.
</abstract>

<chapter>
<title>Working with MLS</title>
<abstract>
...
</abstract>
  <include href="hb-advanced-mls.xml"/>
</chapter>

<chapter>
<title>Using s(ecure) Virt(ualization)</title>
<abstract>
...
</abstract>
  <include href="hb-advanced-svirt.xml"/>
</chapter>

<chapter>
<title>Using Netlabel</title>
<abstract>
...
</abstract>
  <include href="hb-advanced-netlabel.xml"/>
</chapter>
</part>
-->

</book>
1	<?xml version='1.0' encoding='UTF-8'?>
2	<!DOCTYPE book SYSTEM "/dtd/book.dtd">
3
4	<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.15 2012/04/10 20:19:19 swift Exp $ -->
5
6	<book>
7	<title>Gentoo SELinux Handbook</title>
8
9	<author title="Author">
10	<mail link="pebenito@gentoo.org">Chris PeBenito</mail>
11	</author>
12	<author title="Author">
13	<mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
14	</author>
15	<author title="Author">
16	Chris Richards
17	</author>
18
19	<abstract>
20	This is the Gentoo SELinux Handbook.
21	</abstract>
22
23	<!-- The content of this document is licensed under the CC-BY-SA license -->
24	<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
25	<license/>
26
27	<version>4</version>
28	<date>2011-09-18</date>
29
30	<part>
31	<title>Introduction to Gentoo/Hardened SELinux</title>
32	<abstract>
33	In this part we cover what SELinux is and how it is positioned within the
34	Gentoo/Hardened project.
35	</abstract>
36
37	<chapter>
38	<title>Enhancing Linux Security</title>
39	<abstract>
40	Security is more than enabling a certain framework or installing a different
41	Linux kernel. It is a way of working / administrating your Gentoo Linux system.
42	We cover a few (generic) best practices, and then elaborate on what Mandatory
43	Access Control is and how SELinux fills in this gap.
44	</abstract>
45	<include href="hb-intro-enhancingsecurity.xml"/>
46	</chapter>
47
48	<chapter>
49	<title>SELinux Concepts</title>
50	<abstract>
51	To be able to properly work with SELinux, it is vital that you understand a few
52	of its concepts like domains, domain transitions and file contexts. Without
53	a basic understanding of these aspects, it will be difficult to understand
54	how SELinux policies work and how to troubleshoot if things go wrong.
55	</abstract>
56	<include href="hb-intro-concepts.xml"/>
57	</chapter>
58
59	<chapter>
60	<title>SELinux Resources</title>
61	<abstract>
62	To get more acquainted with SELinux, many resources exist on the Internet.
63	In this chapter we give a quick overview of the various resources as well
64	as places where you can get more help when you are fighting with SELinux.
65	</abstract>
66	<include href="hb-intro-resources.xml"/>
67	</chapter>
68
69	<!--
70	<chapter>
71	<title>The SELinux (Reference) Policy</title>
72	<abstract>
73	To streamline SELinux policy development, a reference policy is being developed
74	that is used by all SELinux-supporting distributions. In this chapter we give
75	some intel on what this reference policy is and why it is brought to life, but
76	also how this policy functions and how its development is progressing. We also
77	cover the basics on SELinux policies in general.
78	</abstract>
79	<include href="hb-intro-referencepolicy.xml"/>
80	</chapter>
81
82	<chapter>
83	<title>SELinux Virtual Machine Support</title>
84	<abstract>
85	SELinux support is being actively integrated in libvirt and other
86	virtualization frameworks to elevate the security of virtualized
87	environments. Within this chapter we give you a first introduction
88	on how this is done for libvirt managed environments and what you need to take
89	into account if you wish to use SELinux within your virtualized environment.
90	</abstract>
91	<include href="hb-intro-virtualization.xml"/>
92	</chapter>
93	-->
94	</part>
95
96	<part>
97	<title>Using Gentoo/Hardened SELinux</title>
98	<abstract>
99	With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
100	with a SELinux kernel as well as the SELinux tools.
101	</abstract>
102
103	<chapter>
104	<title>Gentoo SELinux Installation / Conversion</title>
105	<abstract>
106	To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
107	the correct Hardened profile (or convert to the Hardened profile) and then
108	update your system to become a SELinux-managed system. This chapter will guide
109	you through this process.
110	</abstract>
111	<include href="hb-using-install.xml"/>
112	</chapter>
113
114	<chapter>
115	<title>Configuring SELinux For Your Needs</title>
116	<abstract>
117	With SELinux now "installed" and enabled (although in permissive mode), we now
118	configure it to suit your particular needs. After all, SELinux is a Mandatory
119	Access Control system where you, as security administrator, define what is
120	allowed and what not.
121	</abstract>
122	<include href="hb-using-configuring.xml"/>
123	</chapter>
124
125	<chapter>
126	<title>SELinux Commands</title>
127	<abstract>
128	Let's take a step back and get to know a few more commands. We covered most of
129	them in the previous section, but we will now dive a bit deeper in its
130	syntax, features and potential pitfalls.
131	</abstract>
132	<include href="hb-using-commands.xml"/>
133	</chapter>
134
135	<chapter>
136	<title>Permissive, Unconfined, Disabled or What Not...</title>
137	<abstract>
138	Your system can be in many SELinux states. In this chapter, we help you switch
139	between the various states / policies.
140	</abstract>
141	<include href="hb-using-states.xml"/>
142	</chapter>
143
144	<chapter>
145	<title>Modifying the Gentoo Hardened SELinux Policy</title>
146	<abstract>
147	Gentoo Hardened offers a default policy, but this might not allow what you want
148	(or allows too much). In this chapter we tell you how you can tweak Gentoo's
149	policy, or even run your own.
150	</abstract>
151	<include href="hb-using-policies.xml"/>
152	</chapter>
153
154	<chapter>
155	<title>Troubleshooting SELinux</title>
156	<abstract>
157	Everything made by a human can and will fail. In this chapter we will try to
158	keep track of all potential issues you might come across and how to resolve
159	them.
160	</abstract>
161	<include href="hb-using-troubleshoot.xml"/>
162	</chapter>
163
164	<chapter>
165	<title>Change History</title>
166	<abstract>
167	As documentation evolves with the technology, this handbook too sees its fair
168	share of changes. To allow users, who are already on SELinux, to verify if there
169	are any changes they need to be aware off, this chapter lists the changes in
170	chronological order.
171	</abstract>
172	<include href="hb-using-changes.xml"/>
173	</chapter>
174	</part>
175
176	<!--
177	<part>
178	<title>Advanced SELinux</title>
179	<abstract>
180	SELinux can be much more integrated in the system. In this part, we describe how
181	to enhance SELinux configurations, tuning and securing your system even more.
182	</abstract>
183
184	<chapter>
185	<title>Working with MLS</title>
186	<abstract>
187	...
188	</abstract>
189	<include href="hb-advanced-mls.xml"/>
190	</chapter>
191
192	<chapter>
193	<title>Using s(ecure) Virt(ualization)</title>
194	<abstract>
195	...
196	</abstract>
197	<include href="hb-advanced-svirt.xml"/>
198	</chapter>
199
200	<chapter>
201	<title>Using Netlabel</title>
202	<abstract>
203	...
204	</abstract>
205	<include href="hb-advanced-netlabel.xml"/>
206	</chapter>
207	</part>
208	-->
209
210	</book>