Diff of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml


Revision 1.1 Revision 1.14
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!DOCTYPE book SYSTEM "/dtd/book.dtd"> 2<!DOCTYPE book SYSTEM "/dtd/book.dtd">
3 3
4<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.1 2006/04/26 02:04:14 pebenito Exp $ --> 4<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.14 2012/03/28 18:54:56 swift Exp $ -->
5 5
6<book link="selinux-handbook.xml"> 6<book>
7<title>Gentoo SELinux Handbook</title> 7<title>Gentoo SELinux Handbook</title>
8 8
9<author title="Author"> 9<author title="Author">
10 <mail link="pebenito@gentoo.org">Chris PeBenito</mail> 10 <mail link="pebenito@gentoo.org">Chris PeBenito</mail>
11</author> 11</author>
12
13<author title="Author"> 12<author title="Author">
14 Main Gentoo Handbook Authors, Editors, and Contributors 13 <mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
14</author>
15<author title="Author">
16 Chris Richards
15</author> 17</author>
16 18
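Review bot: In the author block on the 1.14 side (new lines 12-17), Chris Richards is entered as bare text while Chris PeBenito and Sven Vermeulen are wrapped in `<mail link="...">`; use the same form for all three, or state that the address is omitted on purpose. The same block drops the "Main Gentoo Handbook Authors, Editors, and Contributors" credit, so if any included chapter still carries text derived from the main handbook, keep that attribution, given the CC-BY-SA notice a few lines further down.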
17<abstract> 19<abstract>
18This is the Gentoo x86 SELinux Handbook, based on the Gentoo handbook. 20This is the Gentoo SELinux Handbook.
19</abstract> 21</abstract>
20 22
21<!-- The content of this document is licensed under the CC-BY-SA license --> 23<!-- The content of this document is licensed under the CC-BY-SA license -->
22<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 24<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
23<license/> 25<license/>
24 26
25<version>1.90</version> 27<version>4</version>
26<date>25 April 2006</date> 28<date>2011-09-18</date>
27 29
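Review bot: `<date>` on the 1.14 side reads 2011-09-18 while the `$Header` keyword for the same revision shows 2012/03/28, so check whether `<version>` and `<date>` should have been bumped with the latest content change. The numbering also jumps from 1.90 to 4 and the date format changes from "25 April 2006" to ISO style; a one-line commit note explaining the new scheme would help anyone comparing revisions.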
28<part> 30<part>
29<title>Installing Gentoo SELinux</title> 31<title>Introduction to Gentoo/Hardened SELinux</title>
30<abstract> 32<abstract>
31In this part you learn how to install Gentoo SELinux on your system. 33In this part we cover what SELinux is and how it is positioned within the
34Gentoo/Hardened project.
32</abstract> 35</abstract>
33 36
34<chapter> 37<chapter>
35<title>Gentoo SELinux Installation</title> 38<title>Enhancing Linux Security</title>
36<abstract> 39<abstract>
37How to do a fresh installation of Gentoo SELinux. 40Security is more than enabling a certain framework or installing a different
41Linux kernel. It is a way of working / administrating your Gentoo Linux system.
42We cover a few (generic) best practices, and then elaborate on what Mandatory
43Access Control is and how SELinux fills in this gap.
38</abstract> 44</abstract>
45 <include href="hb-intro-enhancingsecurity.xml"/>
46</chapter>
47
48<chapter>
49<title>SELinux Concepts</title>
50<abstract>
51To be able to properly work with SELinux, it is vital that you understand a few
52of its concepts like domains, domain transitions and file contexts. Without
53a basic understanding of these aspects, it will be difficult to understand
54how SELinux policies work and how to troubleshoot if things go wrong.
55</abstract>
56 <include href="hb-intro-concepts.xml"/>
57</chapter>
58
59<chapter>
60<title>SELinux Resources</title>
61<abstract>
62To get more acquainted with SELinux, many resources exist on the Internet.
63In this chapter we give a quick overview of the various resources as well
64as places where you can get more help when you are fighting with SELinux.
65</abstract>
66 <include href="hb-intro-resources.xml"/>
67</chapter>
68
69<!--
70<chapter>
71<title>The SELinux (Reference) Policy</title>
72<abstract>
73To streamline SELinux policy development, a reference policy is being developed
74that is used by all SELinux-supporting distributions. In this chapter we give
75some intel on what this reference policy is and why it is brought to life, but
76also how this policy functions and how its development is progressing. We also
77cover the basics on SELinux policies in general.
78</abstract>
79 <include href="hb-intro-referencepolicy.xml"/>
80</chapter>
81
82<chapter>
83<title>SELinux Virtual Machine Support</title>
84<abstract>
85SELinux support is being actively integrated in libvirt and other
86virtualization frameworks to elevate the security of virtualized
87environments. Within this chapter we give you a first introduction
88on how this is done for libvirt managed environments and what you need to take
89into account if you wish to use SELinux within your virtualized environment.
90</abstract>
91 <include href="hb-intro-virtualization.xml"/>
92</chapter>
93-->
94</part>
95
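Review bot: The two chapters inside the `<!-- ... -->` block at new lines 69-93 (reference policy, virtual machine support) ship as dead markup, and nothing in this diff shows that their include targets, hb-intro-referencepolicy.xml and hb-intro-virtualization.xml, exist. Either drop the block until the chapters are ready or add a short line at its top saying why it is disabled. Keep in mind that any later edit introducing a double hyphen inside this block would make the comment, and so the whole book file, invalid XML.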
96<part>
97<title>Using Gentoo/Hardened SELinux</title>
98<abstract>
99With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
100with a SELinux kernel as well as the SELinux tools.
101</abstract>
102
103<chapter>
104<title>Gentoo SELinux Installation / Conversion</title>
105<abstract>
106To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
107the correct Hardened profile (or convert to the Hardened profile) and then
108update your system to become a SELinux-managed system. This chapter will guide
109you through this process.
110</abstract>
39 <include href="hb-install.xml"/> 111 <include href="hb-using-install.xml"/>
112</chapter>
113
114<chapter>
115<title>Configuring SELinux For Your Needs</title>
116<abstract>
117With SELinux now "installed" and enabled (although in permissive mode), we now
118configure it to suit your particular needs. After all, SELinux is a Mandatory
119Access Control system where you, as security administrator, define what is
120allowed and what not.
121</abstract>
122 <include href="hb-using-configuring.xml"/>
123</chapter>
124
125<chapter>
126<title>SELinux Commands</title>
127<abstract>
128Let's take a step back and get to know a few more commands. We covered most of
129them in the previous section, but we will now dive a bit deeper in its
130syntax, features and potential pitfalls.
131</abstract>
132 <include href="hb-using-commands.xml"/>
133</chapter>
134
135<chapter>
136<title>Permissive, Unconfined, Disabled or What Not...</title>
137<abstract>
138Your system can be in many SELinux states. In this chapter, we help you switch
139between the various states / policies.
140</abstract>
141 <include href="hb-using-states.xml"/>
142</chapter>
143
144<chapter>
145<title>Modifying the Gentoo Hardened SELinux Policy</title>
146<abstract>
147Gentoo Hardened offers a default policy, but this might not allow what you want
148(or allows too much). In this chapter we tell you how you can tweak Gentoo's
149policy, or even run your own.
150</abstract>
151 <include href="hb-using-policies.xml"/>
152</chapter>
153
154<chapter>
155<title>Troubleshooting SELinux</title>
156<abstract>
157Everything made by a human can and will fail. In this chapter we will try to
158keep track of all potential issues you might come across and how to resolve
159them.
160</abstract>
161 <include href="hb-using-troubleshoot.xml"/>
40</chapter> 162</chapter>
41</part> 163</part>
42 164
165<!--
43<part> 166<part>
44<title>Converting to Gentoo SELinux</title> 167<title>Advanced SELinux</title>
45<abstract> 168<abstract>
46SELinux alternatively can be installed on current Linux installations. This 169SELinux can be much more integrated in the system. In this part, we describe how
47Chapter deals with converting a prexisting Gentoo install to SELinux. 170to enhance SELinux configurations, tuning and securing your system even more.
48</abstract> 171</abstract>
172
49<chapter> 173<chapter>
50<title>Initial preparations</title> 174<title>Working with MLS</title>
51<abstract> 175<abstract>
52A few preparations must be done before installing SELinux packages. 176...
53</abstract> 177</abstract>
54 <include href="hb-selinux-conv-profile.xml"/> 178 <include href="hb-advanced-mls.xml"/>
55</chapter> 179</chapter>
180
56<chapter> 181<chapter>
57<title>Boot SELinux Kernel</title> 182<title>Using s(ecure) Virt(ualization)</title>
58<abstract> 183<abstract>
59Install and boot a SELinux kernel. 184...
60</abstract> 185</abstract>
61 <include href="hb-selinux-conv-reboot1.xml"/> 186 <include href="hb-advanced-svirt.xml"/>
62</chapter> 187</chapter>
188
63<chapter> 189<chapter>
64<title>Install SELinux Userland</title> 190<title>Using Netlabel</title>
65<abstract> 191<abstract>
66Install SELinux packages and policy, and label filesystems. 192...
67</abstract> 193</abstract>
68 <include href="hb-selinux-conv-reboot2.xml"/> 194 <include href="hb-advanced-netlabel.xml"/>
69</chapter> 195</chapter>
70</part> 196</part>
71 197-->
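Review bot: All three chapter abstracts in the commented-out "Advanced SELinux" part (new lines 176, 184 and 192) are the placeholder `...`, so uncommenting the block as it stands would publish empty summaries for MLS, sVirt and Netlabel. Write the abstracts before the block is enabled, and consider spelling the second title as "Using sVirt (Secure Virtualization)" rather than "s(ecure) Virt(ualization)".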
72<part>
73<title>Working with SELinux</title>
74<abstract>
75Learn how to work with SELinux
76</abstract>
77<chapter>
78<title>SELinux Overview</title>
79<abstract>
80SELinux has many parts to understand. This chapter discusses SELinux's
81important concepts and policy.
82</abstract>
83 <include href="hb-selinux-overview.xml"/>
84</chapter>
85<chapter>
86<title>SELinux HOWTO</title>
87<abstract>
88This chapter deals with how to common operations in SELinux.
89</abstract>
90 <include href="hb-selinux-howto.xml"/>
91</chapter>
92<chapter>
93<title>SELinux FAQ</title>
94<abstract>
95This chapter deals with frequently asked questions in SELinux.
96</abstract>
97 <include href="hb-selinux-faq.xml"/>
98</chapter>
99
100</part>
101
102<part>
103<title>Troubleshooting SELinux</title>
104<abstract>
105When encountering problems on a machine, SELinux can add extra difficulty
106in fixing the problem. This chapter walks through fixing common problems.
107</abstract>
108<chapter>
109<title>Policy Not Loaded on Boot</title>
110<abstract>
111This chapter deals with the problem of the policy not being loaded on boot.
112</abstract>
113 <include href="hb-selinux-initpol.xml"/>
114</chapter>
115<chapter>
116<title>Trouble Logging in Locally</title>
117<abstract>
118This chapter deals with problems logging in locally at the console.
119</abstract>
120 <include href="hb-selinux-loglocal.xml"/>
121</chapter>
122<chapter>
123<title>Trouble Logging in Remotely</title>
124<abstract>
125This chapter deals with problems logging in remotely by ssh.
126</abstract>
127 <include href="hb-selinux-logremote.xml"/>
128</chapter>
129</part>
130 198
131</book> 199</book>
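Review bot: The part removed at old lines 102-129 had dedicated chapters for the policy not loading at boot and for local and ssh login failures, and on the 1.14 side only the single "Troubleshooting SELinux" chapter including hb-using-troubleshoot.xml remains, whose content is not part of this diff. Confirm those three cases are still covered there, since they are the situations in which an administrator is locked out and most needs the documentation. The hb-selinux-*.xml files that were included by the removed chapters are no longer referenced from this book and should be removed or redirected in the same change.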
