Red Hat Enterprise SELinux Policy Administration Training Course

Cisco, Prince2, Microsoft, ITIL & ISEB IT Training Courses – CourseMonster

To speak to a training advisor please call

0800 40 848 40

training@coursemonster.co.uk

Show all Red Hat Courses

Scheduled Dates (sort by: location | date)

Request availability or book by selecting a date:

Greater London

London (EC4) 12/04/10 £ 1,980

London (EC4) 09/08/10 £ 1,980

England

Hampshire

Farnborough (GU14) 29/03/10 £ 1,980

Farnborough (GU14) 10/05/10 £ 1,980

Europe / International

Stockholm

Stockholm 19/07/10 £ 1,980

Prices exclude VAT.

No suitable dates?

I'd like a different date/location

Please click above and we will take care of the rest.

I’d like an onsite/bespoke course

Please click above and we will be happy to discuss the benefits of onsite and bespoke courses with you.

If suitable dates or locations are not available, click this link and we will arrange one for you

Course Overview

RHS429 introduces advanced system administrators, security administrators, and applications programmers to SELinux policy writing. Participants in this course will learn how SELinux works; how to manage SELinux; and how to write an SELinux policy. This class culiminates in a major project to scope out and then write policies for previously unprotected services.

RHS429 provides a four day tutorial on SELinux and SELinux policy writing. The first day of the course provides a introduction to SELinux, how it operates within the Red Hat targeted policy, and the tools used to manipulate it. The class then will spend the remaining days learning how policies are written, compiled, and debugged.

This culminates in a project in which participants will create a set of policies from scratch for a previously unprotected service. The class will analyze the service, determining its security needs; design and implement a set of policies; test and fix the policies; document the service's new policies so that others can effectively administer the service.

Audience

RHS429 is designed for computer security specialists and other system administrators responsible for setting and implementing security policies on a Linux computer. Applications programmers also may consider taking the course to understand how to provide a set of SELinux policies for third party applications.

Participants need not have indepth knowledge of SELinux, but should have a basic understanding of the SELinux security layer. For example, SELinux information as taught in RH133 or RH300 is sufficient.

This course has been classified as IT Technical Training.

Prerequisites

RHS429 requires RHCE-level skills. Prerequisite skills can be shown by passing the RHCE Exam in either RH302 or RH300, or by taking RH253 or by possessing comparable skills and knowledge.

Course Outline

Unit 1 - Introduction to SELinux

Discretionary Access Control vs. Mandatory Access Control
SELinux History and Architecture Overview
Elements of the SELinux security model:

user identity and role
domain and type
sensitivity and categories
security context

SELinux Policy and Red Hat's Targeted Policy
Configuring Policy with Booleans
Archiving
Setting and Displaying Extended Attributes
Hands-on Lab: Understanding SELinux

Unit 2 - Using SELinux

Controlling SELinux
File Contexts
Relabeling Files and Filesystems
Mount options
Hand-on Lab: Working with SELinux

Unit 3 - The Red Hat Targeted Policy

Identifying and Toggling Protected Services
Apache Security Contexts and Configuration Booleans
Name Service Contexts and Configuration Booleans
NIS Client Contexts
Other Services
File Context for Special Directory Trees
Troubleshooting and avc Denial Messages
setroubleshootd and Logging
Hands-on Lab: Understanding and Troubleshooting the Red Hat Targeted Policy

Unit 4 - Introduction to Policies

Policy Overview and Organization
Compiling and Loading the Monolithic Policy and Policy Modules
Policy Type Enforcement Module Syntax
Object Classes
Domain Transition
Hands-on Lab: Understanding policies

Unit 5 - Policy Utilities

Tools available for manipulating and analyzing policies

apol
seaudit and seaudit_report
checkpolicy
sepcut
sesearch
sestatus
audit2allow and audit2why
sealert
avcstat
seinfo
semanage and semodule
Man pages

Hands-on Lab: Exploring Utilities

Unit 6 - User and Role Security

Role-based Access Control
Multi Category Security
Defining a Security Administrator
Multi-Level Security
The strict Policy
User Identification and Declaration
Role Identification and Declaration
Roles in Use in Transitions
Role Dominance
Hands-on Lab: Implementing User and Role Based Policy Restrictions

Unit 7 - Anatomy of a Policy

Policy Macros
Type Attributes and Aliases
Type Transitions
When and How do Files Get Labeled
restorecond
Customizable Types
Hands-on Lab: Building Policies

Unit 8 - Manipulating Policies

Installing and Compiling Policies
The Policy Language
Access Vector
SELinux logs
Security Identifiers - SIDs
Filesystem Labeling Behavior
Context on Network Objects
Creating and Using New Booleans
Manipulating Policy by Example
Macros
Enableaudit
Hands-on Lab: Compiling Policies

Unit 9 - Project

Best practices
Create File Contexts, Types and Typealiases
Edit and Create Network Contexts
Edit and Create Domains
Hands-on Lab: Editing and Writing Policy

How to make a booking for the RH429 course

CourseMonster books thousands of public training courses, classes and boot camps both in London and throughout the UK including: Berkshire, Birmingham, Bristol, Bournemouth, Bucks, Cambridge, Derby, Devon, Edinburgh, Glasgow, Hampshire, Ipswich, Leeds, Leicester, Luton, Manchester, Middlesex, Milton Keynes, Norfolk, Nottingham, Reading, Surrey, Sussex, Tyne and Wear, Midlands and Yorkshire. Topics range from software to administration and development.