E-book: SELinux by Example: Using Security Enhanced Linux

  • Format: EPUB+DRM
  • Publication date: 27-Jul-2006
  • Publisher: Prentice Hall
  • Language: eng
  • ISBN-13: 9780132704588

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has released this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (this is a free application designed specifically for reading e-books; it should not be confused with Adobe Reader, which is most likely already installed on your computer).

    This e-book cannot be read on Amazon Kindle.

SELinux: Bring World-Class Security to Any Linux Environment!

SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel, and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions, it's easier than ever to take advantage of its benefits.

SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies, including the powerful new Reference Policy, showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.

  • Thoroughly understand SELinux's access control and security mechanisms
  • Use SELinux to construct secure systems from the ground up
  • Gain fine-grained control over kernel resources
  • Write policy statements for type enforcement, roles, users, and constraints
  • Use optional multilevel security to enforce information classification and manage users with diverse clearances
  • Create conditional policies that can be changed on-the-fly
  • Define, manage, and maintain SELinux security policies
  • Develop and write new SELinux security policy modules
  • Leverage emerging SELinux technologies to gain even greater flexibility
  • Effectively administer any SELinux system

Reviews

"The three authors are well versed in the topic and comprise the best team to write on SELinux that you could find. Even though it is written as a straightforward text - as opposed to a study guide - I appreciate how each chapter ends with a summary and then exercises to reinforce what you've just finished reading." --Emmett Dulaney, Editor, UnixReview.com

"This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you." --Ryan Maple, Reviewer, LinuxSecurity.com

Additional information

SELinux is the access control system developed by the NSA. It is a relatively new technology that has been included in the 2.6 kernel. More importantly, SELinux is becoming a central security mechanism in various distributions, including the recently released Red Hat Enterprise Linux 4. Mayer et al. will help the reader to: understand the purpose of the new security technology SELinux brings to Linux; learn the reference for all aspects of SELinux security policy language; manage and maintain security of SELinux-based distributions such as Red Hat REL4; develop and write new SELinux security policy modules; and understand how to use SELinux to build secure systems.
Part I SELinux Overview
  Background
    The Inevitability of Software Failure
    The Evolution of Access Control Security in Operating Systems
    The Reference Monitor Concept
    The Problem with Discretionary Access Control
    The Origins of Mandatory Access Control
    A Better Form of Mandatory Access Control
    The Evolution of SELinux
    Summary
    Exercises
  Concepts
    Security Contexts for Type Enforcement
    Comparing SELinux with Standard Linux
    More on Security Contexts
    Type Enforcement Access Control
    Type Enforcement by Example
    The Problem of Domain Transitions
    Review of SetUID Programs in Standard Linux Security
    Domain Transitions
    Default Domain Transitions: type_transition Statement
    The Role of Roles
    Multilevel Security in SELinux
    SELinux Features Familiarization
    Revisiting the Passwd Example
    Perusing the Policy File
    Summary
    Exercises
  Architecture
    The Kernel Architecture
    LSM Framework
    SELinux LSM Module
    Userspace Object Managers
    Kernel Support for Userspace Object Managers
    Policy Server Architecture
    SELinux Policy Language
    The Native SELinux Policy Language Compiler
    Source Policy Modules in a Monolithic Policy
    Loadable Policy Modules
    Building and Installing Monolithic Policies
    Summary
    Exercises
Part II SELinux Policy Language
  Object Classes and Permissions
    Purpose of Object Classes in SELinux
    Defining Object Classes in SELinux Policy
    Declaring Object Classes
    Declaring and Associating Object Class Permissions
    Available Object Classes
    File-Related Object Classes
    Network-Related Object Classes
    System V IPC Object Classes
    Miscellaneous Object Classes
    Object Class Permission Examples
    File Object Class Permissions
    Process Object Class Permissions
    Exploring Object Classes with Apol
    Summary
    Exercises
  Type Enforcement
    Type Enforcement
    Types, Attributes, and Aliases
    Declaring Types
    Types and Attributes
    Associating Types and Attributes
    Aliases
    Access Vector Rules
    Common AV Rule Syntax
    Allow Rules
    Audit Rules
    Neverallow Rules
    Type Rules
    Common Type Rule Syntax
    Type Transition Rules
    Type Change Rules
    Exploring Type Enforcement Rules with Apol
    Summary
    Exercises
  Roles and Users
    Role-Based Access Control in SELinux
    Overview of RBAC in SELinux
    Managing User Privileges with Roles
    Users and Roles in Object Security Contexts
    Roles and Role Statements
    Role Declaration Statement
    Role Allow Rules
    Role Transition Rules
    Role Dominance Statement
    Users and User Statements
    Declaring Users and Associating Roles
    Mapping Linux Users to SELinux Users
    Exploring Roles and Users with Apol
    Summary
    Exercises
  Constraints
    A Closer Look at the Access Decision Algorithm
    Constrain Statement
    Label Transition Constraints
    Summary
    Exercises
  Multilevel Security
    Multilevel Security Constraints
    Security Contexts with MLS
    Defining Security Levels
    MLS Extensions to Security Contexts
    MLS Constraints
    mlsconstrain Statement
    mlsvalidatetrans Statement
    Other Impacts of MLS
    Summary
    Exercises
  Conditional Policies
    Overview of Conditional Policies
    Boolean Variables
    Defining Boolean Variables
    Managing Booleans in a Running System
    Persistent Changes to Boolean Values
    Conditional Statements
    Conditional Expressions and Rule Lists
    Conditional Statement Limitations
    Examining Booleans and Conditional Policies with Apol
    Summary
    Exercises
  Object Labeling
    Introduction to Object Labeling
    File-Related Object Labeling
    Extended Attribute Filesystems (fs_use_xattr)
    Task-Based Filesystems (fs_use_task)
    Transition-Based Filesystems (fs_use_trans)
    Generalized Security Context Labeling (genfscon)
    Network and Socket Object Labeling
    Network Interface Labeling (netifcon)
    Network Node Labeling (nodecon)
    Network Port Labeling (portcon)
    Socket Labeling
    System V IPC
    Miscellaneous Object Labeling
    Capability Object Labeling
    Process Object Labeling
    System and Security Object Labeling
    Initial Security Identifiers
    Exploring Object Labeling with Apol
    Summary
    Exercises
Part III Creating and Writing SELinux Security Policies
  Original Example Policy
    Methods for Managing the Build Process
    Strict Example Policy
    Overview of Policy Source File Structure
    Examining an Example Policy Module
    Build Options for Strict Example Policy
    Targeted Example Policy
    Summary
    Exercises
  Reference Policy
    Goals of the Reference Policy
    Overview of Policy Source File Structure
    Build and Support Files
    Core Policy Files
    Design Principles
    Layering
    Modularity
    Examining a Reference Policy Module
    Build Options for Reference Policy
    The build.conf File
    The modules.conf File
    Summary
    Exercises
  Managing an SELinux System
    SELinux Configuration and Policy Management Files
    The SELinux Configuration File (/etc/selinux/config)
    The Policy Directories
    Impact of SELinux on System Administration
    Managing Users
    Understanding Audit Messages
    Fixing Problems: File-Related Object Labeling
    Managing Multiple Policies
    Summary
    Exercises
  Writing Policy Modules
    Overview of Writing a Policy Module
    Preparation and Planning
    Gathering Application Information
    Creating a Test Environment
    Specifying Security Goals
    Creating an Initial Policy Module
    Creating Policy Module Files
    Declaring Types
    Allowing Initial Restrictive Access
    Allowing Domain Transitions and Authorizing Roles
    Integrating into the System Policy
    Creating the Labeling Policy
    Applying the Policy
    Testing and Analyzing the Policy
    Testing the Policy Module
    Policy Analysis
    Emerging Policy Development Tools
    Complete IRC Daemon Module Listings
    Summary
Appendix A Obtaining SELinux Sample Policies
  Example Policy
  Example Policy from Upstream SELinux Sites
  Strict and Targeted Policies for Fedora Core 4
  Red Hat Enterprise Linux 4 (RHEL4)
  Fedora Core Experimental and Test Policies
  Reference Policy
  Primary Reference Policy
  Red Hat's Fedora Core 5 Reference Policy
Appendix B Participation and Further Information
  The SELinux Mail List
  The Annual SELinux Symposium
  The NSA
  Tresys Technology
  Open Source Projects
  The SELinux IRC Channel
  The Fedora Core Site
  Hardened Gentoo
  Other Related Security Information
Appendix C Object Classes and Permissions
  Common Permission Sets
  Object Classes and Defined Permission Sets
  File-Related Object Classes
  Network and Socket Object Classes
  System V IPC-Related Object Classes
  Miscellaneous Object Classes
Appendix D SELinux Commands and Utilities
  System Utilities
  Policy Tools
  SELinux Status Information
  Security Context Labeling
  Security Context Changing Utilities
  SELinux Modified Commands
  Policy Module Manual Pages
  SETools Suite
  Other SELinux Tools
Index


Frank Mayer is cofounder and Chief Technology Officer of Tresys Technology, and has 23 years of experience in the design, development, and analysis of secure operating systems. He has been an active contributor to SELinux for six years, and has initiated and participated in the development of many new SELinux innovations and tools. He also chairs the annual SELinux Symposium. Frank has published many papers on secure and trustworthy operating systems, and has also explored security in parallel computing, networks, and enterprise applications.

Karl MacMillan is an active contributor in the SELinux community and has led the development of many important SELinux features. He is also a sought-after speaker and consultant, and has helped many individuals and organizations understand and apply strong computer security with SELinux. Previous to his work on SELinux, Karl made important contributions in the fields of pattern recognition and evolutionary computing as applied to document and audio recognition, where he has numerous published papers.

David Caplan is a senior security engineer at Tresys Technology with over 20 years of experience in computer security and a wide range of other programming- and software-related areas. He has worked with SELinux for six years as a contributor to many of the SELinux-related open source projects and has led multiple efforts in analyzing and constructing SELinux policy for a variety of systems.