/[gentoo]/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml

Diff of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml

Parent Directory | Revision Log | View Patch Patch

Revision 1.9		Revision 1.16
1	<?xml version='1.0' encoding='UTF-8'?>	1	<?xml version='1.0' encoding='UTF-8'?>
2	<!DOCTYPE book SYSTEM "/dtd/book.dtd">	2	<!DOCTYPE book SYSTEM "/dtd/book.dtd">
3		3
4	<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.9 2010/06/25 16:07:19 pebenito Exp $ -->	4	<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.16 2012/06/24 11:54:39 swift Exp $ -->
5		5
6	<book link="selinux-handbook.xml">	6	<book>
7	<title>Gentoo SELinux Handbook</title>	7	<title>Gentoo SELinux Handbook</title>
8		8
9	<author title="Author">	9	<author title="Author">
10	<mail link="pebenito@gentoo.org">Chris PeBenito</mail>	10	<mail link="pebenito@gentoo.org">Chris PeBenito</mail>
11	</author>	11	</author>
12		12	<author title="Author">
		13	<mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
		14	</author>
13	<author title="Author">	15	<author title="Author">
14	Chris Richards	16	Chris Richards
15	</author>	17	</author>
16		18
17	<abstract>	19	<abstract>
18	This is the Gentoo SELinux Handbook.	20	This is the Gentoo SELinux Handbook.
19	</abstract>	21	</abstract>
20		22
21	<!-- The content of this document is licensed under the CC-BY-SA license -->	23	<!-- The content of this document is licensed under the CC-BY-SA license -->
22	<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->	24	<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
23	<license/>	25	<license/>
24		26
25	<version>2.00</version>	27	<version>4</version>
26	<date>2006-10-15</date>	28	<date>2011-09-18</date>
27		29
28	<part>	30	<part>
29	<title>Installing Gentoo SELinux</title>	31	<title>Introduction to Gentoo/Hardened SELinux</title>
30	<abstract>
31	In this part you learn how to install Gentoo SELinux on your system.
32	</abstract>	32	<abstract>
33		33	In this part we cover what SELinux is and how it is positioned within the
34	<chapter>	34	Gentoo/Hardened project.
35	<title>Gentoo SELinux Installation</title>
36	<abstract>	35	</abstract>
37	How to do a fresh installation of Gentoo SELinux.	36
		37	<chapter>
		38	<title>Enhancing Linux Security</title>
38	</abstract>	39	<abstract>
39	<include href="hb-install.xml"/>	40	Security is more than enabling a certain framework or installing a different
		41	Linux kernel. It is a way of working / administrating your Gentoo Linux system.
		42	We cover a few (generic) best practices, and then elaborate on what Mandatory
		43	Access Control is and how SELinux fills in this gap.
		44	</abstract>
		45	<include href="hb-intro-enhancingsecurity.xml"/>
		46	</chapter>
		47
40	</chapter>	48	<chapter>
		49	<title>SELinux Concepts</title>
		50	<abstract>
		51	To be able to properly work with SELinux, it is vital that you understand a few
		52	of its concepts like domains, domain transitions and file contexts. Without
		53	a basic understanding of these aspects, it will be difficult to understand
		54	how SELinux policies work and how to troubleshoot if things go wrong.
		55	</abstract>
		56	<include href="hb-intro-concepts.xml"/>
		57	</chapter>
		58
		59	<chapter>
		60	<title>SELinux Resources</title>
		61	<abstract>
		62	To get more acquainted with SELinux, many resources exist on the Internet.
		63	In this chapter we give a quick overview of the various resources as well
		64	as places where you can get more help when you are fighting with SELinux.
		65	</abstract>
		66	<include href="hb-intro-resources.xml"/>
		67	</chapter>
		68
		69	<!--
		70	<chapter>
		71	<title>The SELinux (Reference) Policy</title>
		72	<abstract>
		73	To streamline SELinux policy development, a reference policy is being developed
		74	that is used by all SELinux-supporting distributions. In this chapter we give
		75	some intel on what this reference policy is and why it is brought to life, but
		76	also how this policy functions and how its development is progressing. We also
		77	cover the basics on SELinux policies in general.
		78	</abstract>
		79	<include href="hb-intro-referencepolicy.xml"/>
		80	</chapter>
		81
		82	<chapter>
		83	<title>SELinux Virtual Machine Support</title>
		84	<abstract>
		85	SELinux support is being actively integrated in libvirt and other
		86	virtualization frameworks to elevate the security of virtualized
		87	environments. Within this chapter we give you a first introduction
		88	on how this is done for libvirt managed environments and what you need to take
		89	into account if you wish to use SELinux within your virtualized environment.
		90	</abstract>
		91	<include href="hb-intro-virtualization.xml"/>
		92	</chapter>
		93	-->
41	</part>	94	</part>
42		95
43	<part>	96	<part>
44	<title>Converting to Gentoo SELinux</title>	97	<title>Using Gentoo/Hardened SELinux</title>
45	<abstract>
46	SELinux alternatively can be installed on current Linux installations. This
47	Chapter deals with converting a prexisting Gentoo install to SELinux.
48	</abstract>	98	<abstract>
49	<chapter>	99	With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
50	<title>Initial preparations</title>	100	with a SELinux kernel as well as the SELinux tools.
51	<abstract>	101	</abstract>
52	A few preparations must be done before installing SELinux packages.	102
		103	<chapter>
		104	<title>Gentoo SELinux Installation / Conversion</title>
53	</abstract>	105	<abstract>
54	<include href="hb-selinux-conv-profile.xml"/>	106	To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
55	</chapter>	107	the correct Hardened profile (or convert to the Hardened profile) and then
56	<chapter>	108	update your system to become a SELinux-managed system. This chapter will guide
57	<title>Boot SELinux Kernel</title>	109	you through this process.
58	<abstract>	110	</abstract>
59	Install and boot a SELinux kernel.	111	<include href="hb-using-install.xml"/>
		112	</chapter>
		113
		114	<chapter>
		115	<title>Configuring SELinux For Your Needs</title>
60	</abstract>	116	<abstract>
61	<include href="hb-selinux-conv-reboot1.xml"/>	117	With SELinux now "installed" and enabled (although in permissive mode), we now
62	</chapter>	118	configure it to suit your particular needs. After all, SELinux is a Mandatory
63	<chapter>	119	Access Control system where you, as security administrator, define what is
64	<title>Install SELinux Userland</title>	120	allowed and what not.
65	<abstract>	121	</abstract>
66	Install SELinux packages and policy, and label filesystems.	122	<include href="hb-using-configuring.xml"/>
		123	</chapter>
		124
		125	<chapter>
		126	<title>SELinux Commands</title>
67	</abstract>	127	<abstract>
		128	Let's take a step back and get to know a few more commands. We covered most of
		129	them in the previous section, but we will now dive a bit deeper in its
		130	syntax, features and potential pitfalls.
		131	</abstract>
		132	<include href="hb-using-commands.xml"/>
		133	</chapter>
		134
		135	<chapter>
		136	<title>Permissive, Unconfined, Disabled or What Not...</title>
		137	<abstract>
		138	Your system can be in many SELinux states. In this chapter, we help you switch
		139	between the various states / policies.
		140	</abstract>
		141	<include href="hb-using-states.xml"/>
		142	</chapter>
		143
		144	<chapter>
		145	<title>Modifying the Gentoo Hardened SELinux Policy</title>
		146	<abstract>
		147	Gentoo Hardened offers a default policy, but this might not allow what you want
		148	(or allows too much). In this chapter we tell you how you can tweak Gentoo's
		149	policy, or even run your own.
		150	</abstract>
		151	<include href="hb-using-policies.xml"/>
		152	</chapter>
		153
		154	<chapter>
		155	<title>Troubleshooting SELinux</title>
		156	<abstract>
		157	Everything made by a human can and will fail. In this chapter we will try to
		158	keep track of all potential issues you might come across and how to resolve
		159	them.
		160	</abstract>
		161	<include href="hb-using-troubleshoot.xml"/>
		162	</chapter>
		163
		164	<chapter>
		165	<title>Change History</title>
		166	<abstract>
		167	As documentation evolves with the technology, this handbook too sees its fair
		168	share of changes. To allow users, who are already on SELinux, to verify if there
		169	are any changes they need to be aware off, this chapter lists the changes in
		170	chronological order.
		171	</abstract>
68	<include href="hb-selinux-conv-reboot2.xml"/>	172	<include href="hb-using-changes.xml"/>
69	</chapter>	173	</chapter>
70	</part>	174	</part>
71		175
		176	<!--
72	<part>	177	<part>
73	<title>Working with SELinux</title>	178	<title>Advanced SELinux</title>
74	<abstract>
75	Learn how to work with SELinux
76	</abstract>	179	<abstract>
77	<chapter>	180	SELinux can be much more integrated in the system. In this part, we describe how
78	<title>SELinux Overview</title>	181	to enhance SELinux configurations, tuning and securing your system even more.
79	<abstract>	182	</abstract>
80	SELinux has many parts to understand. This chapter discusses SELinux's	183
81	important concepts and policy.	184	<chapter>
		185	<title>Working with MLS</title>
82	</abstract>	186	<abstract>
83	<include href="hb-selinux-overview.xml"/>	187	...
84	</chapter>
85	<chapter>
86	<title>SELinux HOWTO</title>
87	<abstract>	188	</abstract>
88	This chapter deals with how to common operations in SELinux.	189	<include href="hb-advanced-mls.xml"/>
		190	</chapter>
		191
		192	<chapter>
		193	<title>Using s(ecure) Virt(ualization)</title>
89	</abstract>	194	<abstract>
90	<include href="hb-selinux-howto.xml"/>	195	...
91	</chapter>
92	<chapter>
93	<title>SELinux FAQ</title>
94	<abstract>	196	</abstract>
95	This chapter deals with frequently asked questions in SELinux.	197	<include href="hb-advanced-svirt.xml"/>
		198	</chapter>
		199
		200	<chapter>
		201	<title>Using Netlabel</title>
96	</abstract>	202	<abstract>
97	<include href="hb-selinux-faq.xml"/>	203	...
98	</chapter>
99	<chapter>
100	<title>SELinux Management Infrastructure</title>
101	<abstract>	204	</abstract>
102	The chapter deals with managing SELinux using the management infrastructure.	205	<include href="hb-advanced-netlabel.xml"/>
103	</abstract>
104	<include href="hb-selinux-libsemanage.xml"/>
105	</chapter>
106	<chapter>
107	<title>Local Policy Modules</title>
108	<abstract>
109	The chapter deals with adding rules and new modules to your policy.
110	</abstract>
111	<include href="hb-selinux-localmod.xml"/>
112	</chapter>
113	<chapter>
114	<title>SELinux Reference Materials</title>
115	<abstract>
116	This has a list of external references on SELinux.
117	</abstract>
118	<include href="hb-selinux-references.xml"/>
119	</chapter>	206	</chapter>
120	</part>	207	</part>
121		208	-->
122	<part>
123	<title>Troubleshooting SELinux</title>
124	<abstract>
125	When encountering problems on a machine, SELinux can add extra difficulty
126	in fixing the problem. This chapter walks through fixing common problems.
127	</abstract>
128	<chapter>
129	<title>Policy Not Loaded on Boot</title>
130	<abstract>
131	This chapter deals with the problem of the policy not being loaded on boot.
132	</abstract>
133	<include href="hb-selinux-initpol.xml"/>
134	</chapter>
135	<chapter>
136	<title>Trouble Logging in Locally</title>
137	<abstract>
138	This chapter deals with problems logging in locally at the console.
139	</abstract>
140	<include href="hb-selinux-loglocal.xml"/>
141	</chapter>
142	<chapter>
143	<title>Trouble Logging in Remotely</title>
144	<abstract>
145	This chapter deals with problems logging in remotely by ssh.
146	</abstract>
147	<include href="hb-selinux-logremote.xml"/>
148	</chapter>
149	</part>
150		209
151	</book>	210	</book>

 Legend:



Removed from v.1.9
 


changed lines


 
Added in v.1.16
 Legend:



Removed from v.1.9
 


changed lines


 
Added in v.1.16
-Removed from v.1.9
+Added in v.1.16

	ViewVC Help
Powered by ViewVC 1.1.20