Diff of /xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml


Revision 1.9 Revision 1.10
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!DOCTYPE book SYSTEM "/dtd/book.dtd"> 2<!DOCTYPE book SYSTEM "/dtd/book.dtd">
3 3
4<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.9 2010/06/25 16:07:19 pebenito Exp $ --> 4<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.10 2011/03/26 23:29:55 zorry Exp $ -->
5 5
6<book link="selinux-handbook.xml"> 6<book link="selinux-handbook.xml" disclaimer="draft">
7<title>Gentoo SELinux Handbook</title> 7<title>Gentoo SELinux Handbook</title>
8 8
9<author title="Author"> 9<author title="Author">
10 <mail link="pebenito@gentoo.org">Chris PeBenito</mail> 10 <mail link="pebenito@gentoo.org">Chris PeBenito</mail>
11</author> 11</author>
12 12<author title="Author">
13 <mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
14</author>
13<author title="Author"> 15<author title="Author">
14 Chris Richards 16 Chris Richards
15</author> 17</author>
16 18
17<abstract> 19<abstract>
20 22
21<!-- The content of this document is licensed under the CC-BY-SA license --> 23<!-- The content of this document is licensed under the CC-BY-SA license -->
22<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 24<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
23<license/> 25<license/>
24 26
25<version>2.00</version> 27<version>3.00</version>
26<date>2006-10-15</date> 28<date>2010-12-01</date>
27 29
28<part> 30<part>
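
Review bot: the `<date>` at new line 28 is set to 2010-12-01, but the `$Header` keyword at line 4 records this revision as committed on 2011/03/26. If `<date>` is meant to be the last-updated date of the handbook, bump it to match the commit so readers can tell how current the draft is.
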
29<title>Installing Gentoo SELinux</title> 31<title>Introduction to Gentoo/Hardened SELinux</title>
30<abstract> 32<abstract>
31In this part you learn how to install Gentoo SELinux on your system. 33In this part we cover what SELinux is and how it is positioned within the
34Gentoo/Hardened project.
32</abstract> 35</abstract>
33 36
34<chapter> 37<chapter>
35<title>Gentoo SELinux Installation</title> 38<title>Enhancing Linux Security</title>
36<abstract> 39<abstract>
37How to do a fresh installation of Gentoo SELinux. 40Security is more than enabling a certain framework or installing a different
41Linux kernel. It is a way of working / administrating your Gentoo Linux system.
42We cover a few (generic) best practices, and then elaborate on what Mandatory
43Access Control is and how SELinux fills in this gap.
38</abstract> 44</abstract>
45 <include href="hb-intro-enhancingsecurity.xml"/>
46</chapter>
47
48<chapter>
49<title>SELinux Concepts</title>
50<abstract>
51To be able to properly work with SELinux, it is vital that you understand a few
52of its concepts like domains, domain transitions and file contexts. Without
53a basic understanding of these aspects, it will be difficult to understand
54how SELinux policies work and how to troubleshoot if things go wrong.
55</abstract>
56 <include href="hb-intro-concepts.xml"/>
57</chapter>
58
59<chapter>
60<title>The SELinux (Reference) Policy</title>
61<abstract>
62To streamline SELinux policy development, a reference policy is being developed
63that is used by all SELinux-supporting distributions. In this chapter we give
64some intel on what this reference policy is and why it is brought to life, but
65also how this policy functions and how its development is progressing. We also
66cover the basics on SELinux policies in general.
67</abstract>
68 <include href="hb-intro-referencepolicy.xml"/>
69</chapter>
70
71<!--
72 Removed for the time being, not critical.
73 Moved to next major version of handbook.
74
75<chapter>
76<title>SELinux Virtual Machine Support</title>
77<abstract>
78SELinux support is being actively integrated in libvirt and other
79virtualization frameworks to elevate the security of virtualized
80environments. Within this chapter we give you a first introduction
81on how this is done for libvirt managed environments and what you need to take
82into account if you wish to use SELinux within your virtualized environment.
83</abstract>
84 <include href="hb-intro-virtualization.xml"/>
85</chapter>
86-->
87</part>
88
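
Review bot: the virtualization chapter at new lines 71-86 is checked in as a commented-out block, including an `<include href="hb-intro-virtualization.xml"/>` for a file this diff does not show. Commented-out markup tends to drift out of step with the rest of the book; consider dropping the block and tracking the chapter in a bug or TODO entry for the next major version, since the comment itself says the chapter is deferred.
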
89<part>
90<title>Using Gentoo/Hardened SELinux</title>
91<abstract>
92With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
93with a SELinux kernel as well as the SELinux tools.
94</abstract>
95
96<chapter>
97<title>Gentoo SELinux Installation / Conversion</title>
98<abstract>
99To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
100the correct Hardened profile (or convert to the Hardened profile) and then
101update your system to become a SELinux-managed system. This chapter will guide
102you through this process.
103</abstract>
39 <include href="hb-install.xml"/> 104 <include href="hb-using-install.xml"/>
105</chapter>
106
107<chapter>
108<title>SELinux Commands</title>
109<abstract>
110Before we start with SELinux, we first take a step back and get to know a few
111commands. As we are currently running a SELinux enabled system (but in
112permissive mode) we can now get acquainted with the various SELinux-specific
113commands.
114</abstract>
115 <include href="hb-using-commands.xml"/>
116</chapter>
117
118<chapter>
119<title>Running in Permissive Mode</title>
120<abstract>
121Once SELinux is active, we first start by running the system in permissive mode.
122In this chapter, we tell you how to get acquainted with SELinux more in-depth
123with live command information, but without interfering with the standard access
124controls (i.e. in permissive mode).
125</abstract>
126 <include href="hb-using-permissive.xml"/>
127</chapter>
128
129<chapter>
130<title>Switching to Enforcing Mode</title>
131<abstract>
132Once you believe that the system can be ran in enforcing mode, we switch the
133system to verify if this is true. Once verified, the next step is to (re)boot in
134enforcing mode. Finally, if we are confident that the enforcing is working
135properly and that the system is still doing its job correctly, we fix the
136enforcing mode so that it cannot be disabled anymore.
137</abstract>
138 <include href="hb-using-enforcing.xml"/>
139</chapter>
140
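
Review bot: in the abstract at new lines 132-136, "can be ran" should be "can be run", and "we fix the enforcing mode so that it cannot be disabled anymore" is ambiguous because "fix" reads as "repair". Suggest "we lock the system in enforcing mode so that it cannot be disabled anymore", and state in the abstract that this last step is meant to be permanent, so readers finish the verification steps before applying it.
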
141<chapter>
142<title>Adding SELinux Policy Modules</title>
143<abstract>
144Far from all packages where SELinux policy modules are available for have a
145corresponding package in Gentoo/Hardened. In this chapter, we help you to add
146more modules yourself or create your own modules for those packages that have no
147SELinux policies yet.
148</abstract>
149 <include href="hb-using-policymodules.xml"/>
40</chapter> 150</chapter>
41</part> 151</part>
42 152
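
Review bot: the first sentence of the abstract at new lines 144-145 ("Far from all packages where SELinux policy modules are available for have a corresponding package in Gentoo/Hardened") is hard to parse. Suggest something like "Many packages for which SELinux policy modules are available do not yet have a corresponding package in Gentoo/Hardened."
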
43<part> 153<part>
44<title>Converting to Gentoo SELinux</title> 154<title>Appendices</title>
45<abstract> 155<abstract>
46SELinux alternatively can be installed on current Linux installations. This 156Additional resources and referenced materials within this book are mentioned in
47Chapter deals with converting a prexisting Gentoo install to SELinux. 157this appendix.
48</abstract> 158</abstract>
159
49<chapter> 160<chapter>
50<title>Initial preparations</title>
51<abstract>
52A few preparations must be done before installing SELinux packages.
53</abstract>
54 <include href="hb-selinux-conv-profile.xml"/>
55</chapter>
56<chapter>
57<title>Boot SELinux Kernel</title>
58<abstract>
59Install and boot a SELinux kernel.
60</abstract>
61 <include href="hb-selinux-conv-reboot1.xml"/>
62</chapter>
63<chapter>
64<title>Install SELinux Userland</title>
65<abstract>
66Install SELinux packages and policy, and label filesystems.
67</abstract>
68 <include href="hb-selinux-conv-reboot2.xml"/>
69</chapter>
70</part>
71
72<part>
73<title>Working with SELinux</title>
74<abstract>
75Learn how to work with SELinux
76</abstract>
77<chapter>
78<title>SELinux Overview</title>
79<abstract>
80SELinux has many parts to understand. This chapter discusses SELinux's
81important concepts and policy.
82</abstract>
83 <include href="hb-selinux-overview.xml"/>
84</chapter>
85<chapter>
86<title>SELinux HOWTO</title>
87<abstract>
88This chapter deals with how to common operations in SELinux.
89</abstract>
90 <include href="hb-selinux-howto.xml"/>
91</chapter>
92<chapter>
93<title>SELinux FAQ</title>
94<abstract>
95This chapter deals with frequently asked questions in SELinux.
96</abstract>
97 <include href="hb-selinux-faq.xml"/>
98</chapter>
99<chapter>
100<title>SELinux Management Infrastructure</title>
101<abstract>
102The chapter deals with managing SELinux using the management infrastructure.
103</abstract>
104 <include href="hb-selinux-libsemanage.xml"/>
105</chapter>
106<chapter>
107<title>Local Policy Modules</title>
108<abstract>
109The chapter deals with adding rules and new modules to your policy.
110</abstract>
111 <include href="hb-selinux-localmod.xml"/>
112</chapter>
113<chapter>
114<title>SELinux Reference Materials</title>
115<abstract>
116This has a list of external references on SELinux.
117</abstract>
118 <include href="hb-selinux-references.xml"/>
119</chapter>
120</part>
121
122<part>
123<title>Troubleshooting SELinux</title> 161<title>Troubleshooting SELinux</title>
124<abstract> 162<abstract>
125When encountering problems on a machine, SELinux can add extra difficulty 163Everything made by a human can and will fail. In this chapter we will try to
126in fixing the problem. This chapter walks through fixing common problems. 164keep track of all potential issues you might come across and how to resolve
165them.
127</abstract> 166</abstract>
167 <include href="hb-appendix-troubleshoot.xml"/>
168</chapter>
169
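
Review bot: old lines 72-120 remove the "SELinux FAQ" and "SELinux Management Infrastructure" chapters, and no chapter with either title appears in the new revision; confirm that dropping them is intended, or note where that material now lives. Separately, the part at new line 154 is titled "Appendices" while its abstract at new lines 156-157 says "this appendix"; use the plural in both places.
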
128<chapter> 170<chapter>
129<title>Policy Not Loaded on Boot</title> 171<title>SELinux Reference Material</title>
130<abstract> 172<abstract>
131This chapter deals with the problem of the policy not being loaded on boot. 173This Gentoo Hardened SELinux handbook gives a first introduction to SELinux and
174how it is integrated in Gentoo Hardened. But more seasoned administrators will
175most definitely want to read up on the more advanced uses (and managerial
176challenges) of SELinux - which we definitely recommend. A non-exhaustive list is
177compiled in this chapter.
132</abstract> 178</abstract>
133 <include href="hb-selinux-initpol.xml"/>
134</chapter>
135<chapter>
136<title>Trouble Logging in Locally</title>
137<abstract>
138This chapter deals with problems logging in locally at the console.
139</abstract>
140 <include href="hb-selinux-loglocal.xml"/>
141</chapter>
142<chapter>
143<title>Trouble Logging in Remotely</title>
144<abstract>
145This chapter deals with problems logging in remotely by ssh.
146</abstract>
147 <include href="hb-selinux-logremote.xml"/> 179 <include href="hb-appendix-reference.xml" />
148</chapter> 180</chapter>
149</part> 181</part>
150 182
151</book> 183</book>
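
Review bot: at new line 179, `<include href="hb-appendix-reference.xml" />` is the only include written with a space before `/>`; every other include in the file uses `"/>`, so drop the space for consistency. This revision also points every `<include>` at a new file name (hb-intro-*, hb-using-*, hb-appendix-*), none of which is visible in this diff, so those files need to land together with this change or the includes will not resolve. The three removed troubleshooting chapters (policy not loaded on boot, local login, remote login via ssh) are now represented only by hb-appendix-troubleshoot.xml; check that it still covers those cases.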
