SELinux Essentials
The SELinux Essentials course gives engineers the skills they need to develop complex policies for securing Linux-based devices using SELinux. Although Wind River Linux is used as the reference distribution in the lab environment, the tools and techniques covered are not specific to Wind River Linux.
Course Description
After this course, participants will be able to perform the following:
- Describe SELinux concepts and terminology
- Use command-line tools to manage SELinux configuration
- Create and manage SELinux policies
- Troubleshoot SELinux policies
Products Supported
- OpenEmbedded/Yocto Project-based distributions
- Wind River Linux LTS
- The following targets are available: QEMU simulated target (Intel x86-64)
Course Format
- This two-day expert-led course consists of lectures and lab sessions.
- Attendees use a Wind River Linux LTS target to gain experience with the topics presented.
- Participants examine and exercise simulated network topologies in hands-on labs.
- Participants receive individual guidance from an expert engineer who has extensive experience with Linux technologies.
Audience
- Developers who want to learn more about securing Linux-based devices
- Customers who have recently purchased or are considering purchasing Wind River Linux
Prerequisite Skills
- Basic understanding of operating systems
- Familiarity with the Linux operating system
- One year of experience working with and/or administering a Linux/UNIX system
Prerequisite Courses
- None
Related Courses
- Embedded Security Essentials
- Wind River Linux LTS CLI Essentials
Syllabus
Day 1
INTRODUCTION
- SELinux Background Information
- SELinux in the WR Linux Product Line
- DAC, MAC, RBAC
- MAC Implementations
- Linux Security: DAC, MAC, LSM
- LAB: Getting Started with SELinux
SELINUX AND MAC
- Type Enforcement (TE) Security Model
- SELinux Users and RBAC
- MLS and MCS Security Models
- LAB: Using SELinux Commands
SELINUX SECURITY CONTEXT
- What’s a Security Context?
- Policy and Access Control
- Type Enforcement
- RBAC
- MLS
- Domain transitions
- LAB: Understanding Security Contexts
SELINUX SECURITY POLICY
- The Reference Policy
- SELinux Booleans
- Policy Versions
- Wind River Linux Policy
- LAB: Using Booleans to Customize Security Policies
Day 2
SELINUX IDENTITY AND ROLES
- SELinux users and Linux users
- Default identities
- SELinux and PAM
- Role switching
- Granting sensitivity/category to users
- LAB: Managing SELinux Users
SELINUX CONFIGURATION
- Configuration Files
- Logging and the Audit Daemon
- Configuring the Mode of SELinux
- LAB: Configuring an SELinux System
CREATING AND MANAGING SELINUX POLICY
- The Policy Development Environment
- Policy Configuration Files
- SELinux Policy Language
- Compiling Security Modules
- Loading and Testing Security Modules
- Creating Policy Sets
- Making Changes Persist Across Boots
- LAB: Creating SELinux Modules
SELINUX TROUBLESHOOTING
- Root cause analysis
- Silent Denials
- Solutions
- Using Permissive Modes and Domains
- LAB: Using Audit Tools for Troubleshooting
COURSE DETAILS SUMMARY
- Duration: 2 Days
- Format: Lectures and Labs
- Type: Instructor-led