Red Hat System Administration - SELinux

Code SELINUX-LEE

This course presents the commands and methods needed to set up and control SELinux on a RHEL system. The lab exercises take a problem-solving approach, asking participants to formulate solutions to the SELinux access problems that arise in day-to-day systems administration.

Skills Gained

  • On completion of this course, a systems administrator should be able to control SELinux operating modes; understand users, roles and types; configure SELinux for applications and services; write custom SELinux policies; and solve access denial situations.

Prerequisites

  • It is assumed that the participant has successfully completed the Red Hat System Administration I and II (RH 124/134) courses, or has successfully completed the Red Hat RapidTrack (RH 199) course, or has equivalent system administration experience on a RHEL 8 or RHEL 9 server.

Course Content

SELinux Concepts

  • definitions
  • DAC (discretionary access control)
  • MAC (mandatory access control)
  • contexts
  • policies
  • benefits of SELinux (in enforcing mode)
  • implementation in RHEL

SELinux Components

  • context label
  • user, role, type, security level
  • contexts
  • users, files, ports
  • policy rules and levels
  • sepolicy
  • AVC (access vector cache)
  • packages and tools
  • states and modes
  • enforcing, permissive, disabled
  • setenforce, getenforce, sestatus
  • /etc/selinux/config (file)

SELinux Users

  • confined and unconfined users
  • roles and access rights
  • confined non-administrator roles
  • confined administrator roles
  • adding confined and unconfined mapped users
  • semanage

Configuring SELinux for Applications and Services

  • customizing SELinux policies for applications
  • customizing SELinux policies for services
  • using SELinux booleans to adjust policy
  • viewing (getsebool)
  • changing (temporary / permanent) (setsebool)

SELinux Access Operations

  • changing context labels
  • restoring context labels
  • finding the correct SELinux type
  • relabeling
  • files, directories, hierarchies
  • requested at boot time
  • policies
  • creating a policy from an access denial
  • audit2allow
  • adding a created policy
  • policies
  • creating a custom policy for a specific application
  • adding a custom policy
  • port mapping
