Diff of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml

Revision 1.11 Revision 1.12
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!DOCTYPE book SYSTEM "/dtd/book.dtd"> 2<!DOCTYPE book SYSTEM "/dtd/book.dtd">
3 3
4<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.11 2011/04/25 20:12:59 zorry Exp $ --> 4<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.12 2011/10/23 12:59:32 swift Exp $ -->
5 5
6<book link="selinux-handbook.xml"> 6<book link="selinux-handbook.xml">
7<title>Gentoo SELinux Handbook</title> 7<title>Gentoo SELinux Handbook</title>
8 8
9<author title="Author"> 9<author title="Author">
22 22
23<!-- The content of this document is licensed under the CC-BY-SA license --> 23<!-- The content of this document is licensed under the CC-BY-SA license -->
24<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 24<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
25<license/> 25<license/>
26 26
27<version>3.00</version> 27<version>4</version>
28<date>2010-12-01</date> 28<date>2011-09-18</date>
29 29
30<part> 30<part>
31<title>Introduction to Gentoo/Hardened SELinux</title> 31<title>Introduction to Gentoo/Hardened SELinux</title>
32<abstract> 32<abstract>
33In this part we cover what SELinux is and how it is positioned within the 33In this part we cover what SELinux is and how it is positioned within the
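Review bot: The `<date>` at new line 28 is set to 2011-09-18, while the `$Header` keyword at new line 4 records this revision as committed on 2011/10/23. If `<date>` is meant to tell readers when the handbook content last changed, set it to the commit date. Also, `<version>` moves from the two-decimal form `3.00` to a bare `4`; pick one format and keep it for later revisions.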
55</abstract> 55</abstract>
56 <include href="hb-intro-concepts.xml"/> 56 <include href="hb-intro-concepts.xml"/>
57</chapter> 57</chapter>
58 58
59<chapter> 59<chapter>
60<title>SELinux Resources</title>
61<abstract>
62To get more acquainted with SELinux, many resources exist on the Internet.
63In this chapter we give a quick overview of the various resources as well
64as places where you can get more help when you are fighting with SELinux.
65</abstract>
66 <include href="hb-intro-resources.xml"/>
67</chapter>
68
69<!--
70<chapter>
60<title>The SELinux (Reference) Policy</title> 71<title>The SELinux (Reference) Policy</title>
61<abstract> 72<abstract>
62To streamline SELinux policy development, a reference policy is being developed 73To streamline SELinux policy development, a reference policy is being developed
63that is used by all SELinux-supporting distributions. In this chapter we give 74that is used by all SELinux-supporting distributions. In this chapter we give
64some intel on what this reference policy is and why it is brought to life, but 75some intel on what this reference policy is and why it is brought to life, but
65also how this policy functions and how its development is progressing. We also 76also how this policy functions and how its development is progressing. We also
66cover the basics on SELinux policies in general. 77cover the basics on SELinux policies in general.
67</abstract> 78</abstract>
68 <include href="hb-intro-referencepolicy.xml"/> 79 <include href="hb-intro-referencepolicy.xml"/>
69</chapter> 80</chapter>
70
71<!--
72 Removed for the time being, not critical.
73 Moved to next major version of handbook.
74 81
75<chapter> 82<chapter>
76<title>SELinux Virtual Machine Support</title> 83<title>SELinux Virtual Machine Support</title>
77<abstract> 84<abstract>
78SELinux support is being actively integrated in libvirt and other 85SELinux support is being actively integrated in libvirt and other
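Review bot: The `<!--` added at new line 69 now comments out the Reference Policy chapter as well, but the explanation that used to sit inside the comment (old lines 72-73, "Removed for the time being, not critical. Moved to next major version of handbook.") is deleted. Keep a one-line reason inside the new comment so the next editor knows whether these chapters are parked or abandoned, and check that the closing `-->`, which falls outside the lines shown here, still ends the block where intended now that the opener has moved up.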
103</abstract> 110</abstract>
104 <include href="hb-using-install.xml"/> 111 <include href="hb-using-install.xml"/>
105</chapter> 112</chapter>
106 113
107<chapter> 114<chapter>
115<title>Configuring SELinux For Your Needs</title>
116<abstract>
117With SELinux now "installed" and enabled (although in permissive mode), we now
118configure it to suit your particular needs. After all, SELinux is a Mandatory
119Access Control system where you, as security administrator, define what is
120allowed and what not.
121</abstract>
122 <include href="hb-using-configuring.xml"/>
123</chapter>
124
125<chapter>
108<title>SELinux Commands</title> 126<title>SELinux Commands</title>
109<abstract> 127<abstract>
110Before we start with SELinux, we first take a step back and get to know a few 128Let's take a step back and get to know a few more commands. We covered most of
111commands. As we are currently running a SELinux enabled system (but in 129them in the previous section, but we will now dive a bit deeper in its
112permissive mode) we can now get acquainted with the various SELinux-specific 130syntax, features and potential pitfalls.
113commands.
114</abstract> 131</abstract>
115 <include href="hb-using-commands.xml"/> 132 <include href="hb-using-commands.xml"/>
116</chapter> 133</chapter>
117 134
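Review bot: The new abstract at lines 128-130 reads "We covered most of them ... dive a bit deeper in its syntax", which switches from plural "them" to singular "its", and it refers to "the previous section" although the preceding unit is the chapter "Configuring SELinux For Your Needs". Suggest "the previous chapter" and "deeper into their syntax, features and potential pitfalls".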
118<chapter> 135<chapter>
119<title>Running in Permissive Mode</title> 136<title>Permissive, Unconfined, Disabled or What Not...</title>
120<abstract> 137<abstract>
121Once SELinux is active, we first start by running the system in permissive mode. 138Your system can be in many SELinux states. In this chapter, we help you switch
122In this chapter, we tell you how to get acquainted with SELinux more in-depth 139between the various states / policies.
123with live command information, but without interfering with the standard access
124controls (i.e. in permissive mode).
125</abstract> 140</abstract>
126 <include href="hb-using-permissive.xml"/> 141 <include href="hb-using-states.xml"/>
127</chapter> 142</chapter>
128 143
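Review bot: The abstract at new lines 138-139 uses "states / policies" as if the two were interchangeable, while the title lists Permissive, Unconfined and Disabled side by side. Say which of these the chapter treats as a state and which as a policy. Separately, this diff covers only `selinux-handbook.xml`, so confirm that `hb-using-states.xml` and the other new include targets in this revision (`hb-intro-resources.xml`, `hb-using-configuring.xml`, `hb-using-policies.xml`, `hb-using-troubleshoot.xml`) are committed alongside it; a dangling `href` would leave the chapter without content.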
129<chapter> 144<chapter>
130<title>Switching to Enforcing Mode</title> 145<title>Modifying the Gentoo Hardened SELinux Policy</title>
131<abstract> 146<abstract>
132Once you believe that the system can be ran in enforcing mode, we switch the 147Gentoo Hardened offers a default policy, but this might not allow what you want
133system to verify if this is true. Once verified, the next step is to (re)boot in 148(or allows too much). In this chapter we tell you how you can tweak Gentoo's
134enforcing mode. Finally, if we are confident that the enforcing is working 149policy, or even run your own.
135properly and that the system is still doing its job correctly, we fix the
136enforcing mode so that it cannot be disabled anymore.
137</abstract> 150</abstract>
138 <include href="hb-using-enforcing.xml"/> 151 <include href="hb-using-policies.xml"/>
139</chapter> 152</chapter>
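Review bot: Replacing the "Switching to Enforcing Mode" chapter (old lines 130-138) removes the only abstract that walks from verifying enforcing mode to fixing it "so that it cannot be disabled anymore", and the new Configuring abstract at line 117 still leaves the reader in permissive mode. In the lines shown, no remaining title or abstract names enforcing mode. Add a sentence to the states chapter abstract (new lines 138-139) saying that it covers the move to enforcing, otherwise a reader scanning the chapter list may stop at a permissive system.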
140
141<chapter>
142<title>Adding SELinux Policy Modules</title>
143<abstract>
144Far from all packages where SELinux policy modules are available for have a
145corresponding package in Gentoo/Hardened. In this chapter, we help you to add
146more modules yourself or create your own modules for those packages that have no
147SELinux policies yet.
148</abstract>
149 <include href="hb-using-policymodules.xml"/>
150</chapter>
151</part>
152
153<part>
154<title>Appendices</title>
155<abstract>
156Additional resources and referenced materials within this book are mentioned in
157this appendix.
158</abstract>
159 153
160<chapter> 154<chapter>
161<title>Troubleshooting SELinux</title> 155<title>Troubleshooting SELinux</title>
162<abstract> 156<abstract>
163Everything made by a human can and will fail. In this chapter we will try to 157Everything made by a human can and will fail. In this chapter we will try to
164keep track of all potential issues you might come across and how to resolve 158keep track of all potential issues you might come across and how to resolve
165them. 159them.
166</abstract> 160</abstract>
167 <include href="hb-appendix-troubleshoot.xml"/> 161 <include href="hb-using-troubleshoot.xml"/>
162</chapter>
163</part>
164
165<!--
166<part>
167<title>Advanced SELinux</title>
168<abstract>
169SELinux can be much more integrated in the system. In this part, we describe how
170to enhance SELinux configurations, tuning and securing your system even more.
171</abstract>
172
173<chapter>
174<title>Working with MLS</title>
175<abstract>
176...
177</abstract>
178 <include href="hb-advanced-mls.xml"/>
168</chapter> 179</chapter>
169 180
170<chapter> 181<chapter>
171<title>SELinux Reference Material</title> 182<title>Using s(ecure) Virt(ualization)</title>
172<abstract> 183<abstract>
173This Gentoo Hardened SELinux handbook gives a first introduction to SELinux and 184...
174how it is integrated in Gentoo Hardened. But more seasoned administrators will
175most definitely want to read up on the more advanced uses (and managerial
176challenges) of SELinux - which we definitely recommend. A non-exhaustive list is
177compiled in this chapter.
178</abstract> 185</abstract>
179 <include href="hb-appendix-reference.xml" /> 186 <include href="hb-advanced-svirt.xml"/>
187</chapter>
188
189<chapter>
190<title>Using Netlabel</title>
191<abstract>
192...
193</abstract>
194 <include href="hb-advanced-netlabel.xml"/>
180</chapter> 195</chapter>
181</part> 196</part>
197-->
182 198
183</book> 199</book>
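Review bot: The commented-out "Advanced SELinux" part at new lines 165-197 carries no note saying why it is disabled, and its three chapter abstracts are only "...". The previous revision documented its commented block with "Removed for the time being, not critical."; add a similar line here stating the status of these chapters. The same region also removes the "Adding SELinux Policy Modules" chapter (old lines 141-150) and the "SELinux Reference Material" chapter with its `hb-appendix-reference.xml` include (old lines 170-180), so confirm that the new policy and resources chapters carry that material forward.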

Legend:
Removed from v.1.11  
changed lines
  Added in v.1.12
