Advertisement
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)
How to use SELINUX (No I don't mean turn it off)

Check these out next

The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1
Eliel Prado
Security Enhanced Linux Overview
Security Enhanced Linux Overview
Emre Can Kucukoglu
chroot and SELinux
chroot and SELinux
Shay Cohen
SELinux basics
SELinux basics
Lubomir Rintel
SELinux for Everyday Users
SELinux for Everyday Users
PaulWay
How to not disable SELinux
How to not disable SELinux
Rémy Gottschalk
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
Michael Boelen
1 of 34

How to use SELINUX (No I don't mean turn it off)

Oct. 19, 2016
Download to read offline
Technology

Why do we turn off NSA-grade security features? Well early on, SELINUX was complex and confusing. However, the pains of dealing with SELINUX are long gone. In fact, the tools for working with SELINUX have long improved are now so easy, anyone can configure the security layer. Even one bad chmod on a server can leave you vulnerable. However, when SELINUX is running, rogue processes will be prevented from running havoc. You'll learn how easy it is to use SELINUX and how (with little effort) you can configure and troubleshoot this amazing security feature. Stop leaving gaps in your infrastructure and turn it back on.

Chuck Reeves
PHP Developer at Freelancer
Advertisement
Advertisement
Advertisement

Recommended

Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham12.5K views45 slides
SelinuxSelinux
SelinuxMohitgupta8560126 views11 slides
SELinux Basic UsageSELinux Basic Usage
SELinux Basic UsageDmytro Minochkin918 views88 slides
SELinux introductionSELinux introduction
SELinux introductionMichael Nazzareno Trimarchi198 views64 slides
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Winbmbouter760 views39 slides
SelinuxSelinux
SelinuxAnkit Raj724 views14 slides

More Related Content

Slideshows for you(20)

The SElinux Notebook :the foundations - Vol 1The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1
Eliel Prado1.7K views
Security Enhanced Linux OverviewSecurity Enhanced Linux Overview
Security Enhanced Linux Overview
Emre Can Kucukoglu2.6K views
chroot and SELinuxchroot and SELinux
chroot and SELinux
Shay Cohen2.4K views
SELinux basicsSELinux basics
SELinux basics
Lubomir Rintel2.7K views
SELinux for Everyday UsersSELinux for Everyday Users
SELinux for Everyday Users
PaulWay12.8K views
How to not disable SELinuxHow to not disable SELinux
How to not disable SELinux
Rémy Gottschalk6.9K views
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells616 views
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
Michael Boelen6.7K views
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas2.9K views
Linux security introduction Linux security introduction
Linux security introduction
Mohamed Gad2.3K views
Linux SecurityLinux Security
Linux Security
nayakslideshare2.2K views
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti3.9K views
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
Information Technology7.3K views
Basic Linux SecurityBasic Linux Security
Basic Linux Security
pankaj0092.8K views
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
Rizky Ariestiyansyah7K views
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an Overview
Kaiwan Billimoria1.2K views
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
Michael Boman1.4K views
2008 08-12 SELinux: A Key Component in Secure Infrastructures2008 08-12 SELinux: A Key Component in Secure Infrastructures
2008 08-12 SELinux: A Key Component in Secure Infrastructures
Shawn Wells185 views
Linux Network SecurityLinux Network Security
Linux Network Security
Amr Ali817 views
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
Mehedi Farazi2.1K views

Similar to How to use SELINUX (No I don't mean turn it off)(20)

Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava4.1K views
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
zznate870 views
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
DataStax14.3K views
Introduction to ansibleIntroduction to ansible
Introduction to ansible
Dharmit Shah344 views
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
Alessandro Arrichiello2.2K views
Installation guideInstallation guide
Installation guide
laonap166270 views
Avoid the Vendor Lock-in Trap (with App Deployment)Avoid the Vendor Lock-in Trap (with App Deployment)
Avoid the Vendor Lock-in Trap (with App Deployment)
Peter Bittner87 views
WordPress SecurityWordPress Security
WordPress Security
Jennifer Riehle McFarland532 views
Professional deploymentProfessional deployment
Professional deployment
Ivelina Dimova944 views
Redhat7 - Centos7 ClusterRedhat7 - Centos7 Cluster
Redhat7 - Centos7 Cluster
Iven Leni Fernandez374 views
Big data Analytics hands-on sessionsBig data Analytics hands-on sessions
Big data Analytics hands-on sessions
Praveen Hanchinal221 views
4 effective methods to disable se linux temporarily or permanently4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanently
chinkshady864 views
ZenPack Development with Jane CurryZenPack Development with Jane Curry
ZenPack Development with Jane Curry
Zenoss1.1K views
Red Hat Linux 5 Hardening Tips - National Security AgencyRed Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security Agency
sanchetanparmar936 views
Configuration Management and SaltConfiguration Management and Salt
Configuration Management and Salt
55020755 views
Introduction to WP-CLI: Manage WordPress from the command lineIntroduction to WP-CLI: Manage WordPress from the command line
Introduction to WP-CLI: Manage WordPress from the command line
Behzod Saidov100 views
Real-World DevOps — 20 Practical Developers Tips for Tightening Your Operatio...Real-World DevOps — 20 Practical Developers Tips for Tightening Your Operatio...
Real-World DevOps — 20 Practical Developers Tips for Tightening Your Operatio...
VictorSzoltysek72 views
Hadoop 2.4 installing on ubuntu 14.04Hadoop 2.4 installing on ubuntu 14.04
Hadoop 2.4 installing on ubuntu 14.04
baabtra.com - No. 1 supplier of quality freshers1.1K views
Lean Drupal Repositories with Composer and DrushLean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and Drush
Pantheon1.6K views
R hive tutorial supplement 1 - Installing HadoopR hive tutorial supplement 1 - Installing Hadoop
R hive tutorial supplement 1 - Installing Hadoop
Aiden Seonghak Hong2K views
Advertisement

More from Chuck Reeves(9)

Stop multiplying by 4 LaraconStop multiplying by 4 Laracon
Stop multiplying by 4 Laracon
Chuck Reeves2.6K views
Stop multiplying by 4 Lone Star PHPStop multiplying by 4 Lone Star PHP
Stop multiplying by 4 Lone Star PHP
Chuck Reeves750 views
Single page Apps with Angular and ApigilitySingle page Apps with Angular and Apigility
Single page Apps with Angular and Apigility
Chuck Reeves923 views
Zend Framework FoundationsZend Framework Foundations
Zend Framework Foundations
Chuck Reeves666 views
Stop multiplying by 4 nyphpStop multiplying by 4 nyphp
Stop multiplying by 4 nyphp
Chuck Reeves586 views
Stop multiplying by 4 PHP Tour 2014Stop multiplying by 4 PHP Tour 2014
Stop multiplying by 4 PHP Tour 2014
Chuck Reeves1.3K views
Stop multiplying by 4: Practical Software EstimationStop multiplying by 4: Practical Software Estimation
Stop multiplying by 4: Practical Software Estimation
Chuck Reeves1.3K views
Software requirements and estimatesSoftware requirements and estimates
Software requirements and estimates
Chuck Reeves1.2K views
How x debug restored partial sanity to the insaneHow x debug restored partial sanity to the insane
How x debug restored partial sanity to the insane
Chuck Reeves316 views

Recently uploaded(20)

Carbon tech : transitional path way towards tomorrow ? 碳技術:通往明天的過渡道路Carbon tech : transitional path way towards tomorrow ? 碳技術:通往明天的過渡道路
Carbon tech : transitional path way towards tomorrow ? 碳技術:通往明天的過渡道路
Kevin Lognoné0 views
FFT Scan tutorial.pptxFFT Scan tutorial.pptx
FFT Scan tutorial.pptx
ssuser8f883c0 views
Pile&Wellfoundation_ManualUpdated as on 20.5.16.pdfPile&Wellfoundation_ManualUpdated as on 20.5.16.pdf
Pile&Wellfoundation_ManualUpdated as on 20.5.16.pdf
DharmPalJangra10 views
StructuralUncertainty_example.pptxStructuralUncertainty_example.pptx
StructuralUncertainty_example.pptx
ssuseref75f10 views
DesiradhaRam Gadde - Testers & Testing in ChatGPT-AI world.pptxDesiradhaRam Gadde - Testers & Testing in ChatGPT-AI world.pptx
DesiradhaRam Gadde - Testers & Testing in ChatGPT-AI world.pptx
QA or the Highway0 views
BridgeRule.pdfBridgeRule.pdf
BridgeRule.pdf
DharmPalJangra10 views
Les09.pptLes09.ppt
Les09.ppt
AlhassanFederated0 views
Lecture-7-Binary-Trees-and-Algorithms-11052023-054009pm.pptxLecture-7-Binary-Trees-and-Algorithms-11052023-054009pm.pptx
Lecture-7-Binary-Trees-and-Algorithms-11052023-054009pm.pptx
HamzaUsman480 views
Integration architectures based on Microservices, APIs and eventsIntegration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and events
Sven Bernhardt0 views
Intro.pptIntro.ppt
Intro.ppt
RamaNingaiah0 views
Underexplored Opportunities in the Arabian Plate.pdfUnderexplored Opportunities in the Arabian Plate.pdf
Underexplored Opportunities in the Arabian Plate.pdf
ssuseref75f10 views
1 What is a computer_hardware.pptx1 What is a computer_hardware.pptx
1 What is a computer_hardware.pptx
julitolosbanos0 views
finalppt-150606051347-lva1-app6892.pptxfinalppt-150606051347-lva1-app6892.pptx
finalppt-150606051347-lva1-app6892.pptx
AJAYVISHALRP0 views
COUTH PRESENTATION for customers.pptxCOUTH PRESENTATION for customers.pptx
COUTH PRESENTATION for customers.pptx
MohamedAbdalhakam0 views
The era of spatial computing is here.docxThe era of spatial computing is here.docx
The era of spatial computing is here.docx
ssuserb36abd10 views
Declarative observability management for Microservice architecturesDeclarative observability management for Microservice architectures
Declarative observability management for Microservice architectures
Sven Bernhardt0 views
P4+ONOS SRv6 tutorial.pptxP4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptx
tampham612680 views
AIDRC Gitex Africa - Final edited_TL.pdfAIDRC Gitex Africa - Final edited_TL.pdf
AIDRC Gitex Africa - Final edited_TL.pdf
Thierry Lestable0 views
Exploring the Cutting-Edge Mobile App Development Technologies: A Look into t...Exploring the Cutting-Edge Mobile App Development Technologies: A Look into t...
Exploring the Cutting-Edge Mobile App Development Technologies: A Look into t...
aTeam soft solutions0 views
Process 84% more MySQL database activity with the latest-gen Dell PowerEdge R...Process 84% more MySQL database activity with the latest-gen Dell PowerEdge R...
Process 84% more MySQL database activity with the latest-gen Dell PowerEdge R...
Principled Technologies0 views
Advertisement

How to use SELINUX (No I don't mean turn it off)

  1. HOWTOUSE SELINUX CHUCK REEVES @MANCHUCK NO I DON'T MEAN TURN IT OFF
  2. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF ABOUT ▸ Built using Kernel Modules ▸ More permissions than CRUD and Access ▸ Allows Multi-Level Security using BLP and Biba Models ▸ Permissions set on the inode instead of the file ▸ Mandatory Access Control (MAC)
  3. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
  4. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF WHAT YOU NEED TO KNOW ▸ Each iNode is given a single context ▸ Each context identifies a user, role, type and level ▸ SELINUX then allows (or denies) access using the context with a policy ▸ Decision is cached in the Access Vector Cache (AVC) ▸ Decisions is made after the DAC access is checked
  5. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF WHAT YOU NEED TO KNOW ▸ SELINUX manages: ▸ Users ▸ Sockets ▸ Memory ▸ Directories ▸ TCP/UDP connections
  6. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF PROCESS TYPES ▸ Confined ▸ Runs in own domain (role) ▸ Resources are limited to the roles and policy ▸ Un-Confined ▸ fallback to the DAC policies
  7. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF CONTEXTS ▸ Policy checks context of inode for access ▸ "If a process is running with <context_foo> then anything with <context_foo_type> is allowed access" ▸ Four parts: user, role, type and level (optional)
  8. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF CONTEXTS ▸ Set automatically based on the parent context (mostly) ▸ RPM ▸ Management tools (ansible, chef, puppet) ▸ When a File transitions (moving an uploaded file) ▸ By the sysadmin with chcon, restorecon
  9. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF FINDING CONTEXT ls -alZ /home
  10. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF FINDING CONTEXT ps -Z
  11. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF BOOLEANS ▸ On off settings for policies ▸ Allow HTTPD to make network connections ▸ Allow FTP to access home directories ▸ Overcomes issues with over labeling contexts
  12. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF TURNING IT BACK ON ▸ TARGETED ▸ PERMISSIVE ▸ DISABLED (You already know this one)
  13. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF TURNING IT BACK ON <edit> /etc/selinux/config
  14. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF TURNING IT BACK ON sudo yum install setroubleshoot setroubleshoot-server sudo service auditd restart
  15. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF TURNING IT BACK ON ls -alZ sudo touch /.autorelabel
  16. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF TURNING IT BACK ON ls -alZ
  17. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
  18. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
  19. ZendCon 2016 TEXT TROUBLESHOOTING EXAMPLE: DATABASE tail -f /var/log/audit/audit.log
  20. ZendCon 2016 TEXT TROUBLESHOOTING EXAMPLE: DATABASE tail -f /var/log/messages
  21. ZendCon 2016 TEXT TROUBLESHOOTING EXAMPLE: DATABASE sealert -l <message id>
  22. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF BOOLEANS setsebool -P httpd_can_network_connect 1
  23. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF BOOLEANS semanage boolean -l | grep httpd_enable_ftp_server
  24. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF BOOLEANS getsebool -a getsebool <boolean>
  25. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF BOOLEANS semanage boolean -l | grep httpd_enable_ftp_server
  26. ZendCon 2016 TEXT TROUBLESHOOTING EXAMPLE: FILE UPLOAD ls -Z
  27. ZendCon 2016 TEXT TROUBLESHOOTING EXAMPLE: FILE UPLOAD sealert -l <message id>
  28. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF SETTING CONTEXT chcon -R -t httpd_sys_content_t web/ ls -Z web
  29. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF SETTING CONTEXT mkdir web/ touch web/file{1,2,3} ls -Z web
  30. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
  31. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
  32. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
  33. ZendCon 2016 HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF RESOURCES ▸ RedHat Documentation for SELINUX: https://access.redhat.com/ documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security- Enhanced_Linux/index.html ▸ Servers for Hackers, Batteling SELINUX: https://serversforhackers.com/video/ battling-selinux-cast ▸ SELinux For Mere Mortals: https://www.youtube.com/watch?v=MxjenQ31b70
  34. THANKS CHUCK REEVES @MANCHUCK
Advertisement