Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • LISA '12 Home
  • Registration Information
  • Registration Discounts
  • Organizers
  • At a Glance
  • Calendar
  • Conference Themes
  • Training Program
    • Live Streaming
  • Technical Sessions
  • Workshops
  • Data Storage Day
  • ION San Diego
  • Posters
  • Birds-of-a-Feather Sessions
  • Exhibition
  • Sponsors
  • Activities
  • Why Attend?
  • Hotel and Travel Information
  • Services
  • Students and Grants
  • Questions?
  • Help Promote
  • Flyer PDF
  • Brochure PDF
  • For Participants
  • Call for Participation
  • Past Proceedings

sponsors

Diamond Sponsor
Diamond Sponsor
Gold Sponsor
Gold Sponsor
Silver Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor

twitter

Tweets by @LISAConference

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » SELinux (Security-Enhanced Linux)
Tweet

connect with us

http://twitter.com/usenix
https://www.facebook.com/events/280256018711626/
http://www.linkedin.com/groups/USENIX-Association-49559/about
http://www.youtube.com/user/USENIXAssociation

SELinux (Security-Enhanced Linux)

Full Day
(9:00 am-5:00 pm)

Nautilus 4

M1
Rik Farrow, Security Consultant
Description: 

SELinux provides an extra layer of security for most Linux systems—if you leave it enabled. Most commonly, SELinux gets disabled as the first step when debugging system problems, even when it is not the problem. SELinux can stop many attacks, even previously unknown (zero-day) attacks, as it confines applications' access to files, directories, commands, and network sockets.

This class will show you how to work with SELinux: how to determine if SELinux is blocking an application and how to adjust policy to move beyond problems. SELinux includes many tools for viewing audit logs, file and process contexts, modifying policy, and even interpreting log messages, and you will learn how to use these tools. You will learn how to modify file contexts, add new policy, monitor logs both graphically and in text-only mode, and, most importantly, how to recover full SELinux coverage on systems where it has been disabled. The class will cover reading and modifying existing policy where necessary, so that changes to services, such as non-standard directory locations, are accommodated. The class will also investigate adding new, custom services to SELinux policy.

This class includes exercises that will be performed using a provided VM.

 

Who should attend: 

Linux system administrators and security managers who want or are required to use SELinux. Participants must be familiar with Linux system administration; previous frustration with SELinux is expected but not required.

Take back to work: 

The ability to run Linux servers and desktops with SELinux enabled and to modify policy to handle configurations not supported by the default policy.

Topics include: 
  • SELinux uncloaked
    • Types, contexts, and roles
    • Context-based policy
    • Extensions to familiar commands
    • Using the sandbox command
  • Using the audit file
    • Tools for deciphering audit messages
    • Searching audit messages
    • Using setroubleshoot
  • Adjusting file/directory context
    • Fixing common access problems
  • Using Booleans to adjust policy
  • Extending policy
    • Using audit2allow to correct policy
    • Using sepolgen to create new policies
    • Restricting users
    • SELinux rule syntax
    • Understanding and using macros

 

Diamond Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

LISA is a registered trademark of the USENIX Association.

  • Privacy Policy
  • Contact Us