Red Hat System Administration - SELinux
Course Details | Find Out More |
---|---|
Code | SELINUX-LEE |
This course presents the commands and methods needed to set up and control SELinux on a RHEL system. The lab exercises take a problem-solving approach, formulating solutions to problems that arise in day-to-day systems administration involving SELinux access.
Skills Gained
- On completion of this course, a systems administrator should be able to control SELinux operating modes; understand users, roles and types; configure SELinux for applications and services; write custom SELinux policies; and solve access denial situations.
Prerequisites
- It is assumed that the participant has successfully completed the Red Hat System Administration I and II (RH 124/134) courses, or has successfully completed the Red Hat RapidTrack (RH 199) course, or has equivalent system administration experience on a RHEL 8 or RHEL 9 server.
Course Content
SELinux Concepts
- definitions
- DAC (discretionary access control)
- MAC (mandatory access control)
- contexts
- policies
- benefits of SELinux (in enforcing mode)
- implementation in RHEL
SELinux Components
- context label
- user, role, type, security level
- contexts
- users, files, ports
- policy rules and levels
- sepolicy
- AVC (access vector cache)
- packages and tools
- states and modes
- enforcing, permissive, disabled
- setenforce, getenforce, sestatus
- /etc/selinux/config (file)
SELinux Users
- confined and unconfined users
- roles and access rights
- confined non-administrator roles
- confined administrator roles
- adding confined and unconfined mapped users
- semanage
Configuring SELinux for Applications and Services
- customizing SELinux policies for applications
- customizing SELinux policies for services
- using SELinux booleans to adjust policy
- viewing (getsebool)
- changing (temporary / permanent) (setsebool)
SELinux Access Operations
- changing context labels
- restoring context labels
- finding the correct SELinux type
- relabeling
- files, directories, hierarchies
- requested at boot time
- policies
- creating a policy from an access denial
- audit2allow
- adding a created policy
- policies
- creating a custom policy for a specific application
- adding a custom policy
- port mapping