SELinux Essentials

SELinux Essentials

The SELinux Essentials course gives engineers the skills they need to develop complex policies for securing Linux-based devices using SELinux. Although Wind River Linux is used as the reference distribution in the lab environment, the tools and techniques covered are not specific to Wind River Linux.

Subscribe
Cancel Apply

rate limit

Code not recognized.

About this course

SELINUX ESSENTIALS

Buy Now

Course Description

The SELinux Essentials course gives engineers the skills they need to develop complex policies for securing Linux-based devices using SELinux. Although Wind River Linux is used as the reference distribution in the lab environment, the tools and techniques covered are not specific to Wind River Linux.

After this course, participants will be able to perform the following:

  • Describe SELinux concepts and terminology
  • Use command-line tools to manage SELinux configuration
  • Create and manage SELinux policies
  • Troubleshoot SELinux policies

Products Supported

  • OpenEmbedded/Yocto Project-based distributions
  • Wind River Linux LTS
  • The following targets are available: QEMU simulated target (Intel x86-64)

Course Format

  • This two-day expert-led course consists of lectures and lab sessions.
  • Attendees use a Wind River Linux LTS target to gain experience with the topics presented.
  • Participants examine and exercise simulated network topologies in hands-on labs.
  • Participants receive individual guidance from an expert engineer who has extensive experience with Linux technologies.

Audience

  • Developers who want to learn more about securing Linux-based device
  • Customers who have recently purchased or are considering purchasing Wind River Linux

Prerequisite Skills

  • Basic understanding of operating systems
  • Familiarity with the Linux operating system
  • One year of experience working with and/or administering a Linux/UNIX system

Prerequisite Courses

  • None

Related Courses

  • Embedded Security Essentials
  • Wind River Linux LTS CLI Essentials

Syllabus

Day 1

INTRODUCTION

  • SELinux Background Information
  • SELinux in the WR Linux Product Line
  • DAC, MAC, RBAC
  • MAC Implementations
  • Linux Security: DAC, MAC, LSM
  • LAB: Getting Started with SELinux

SELINUX AND MAC

  • Type Enforcement (TE) Security Model
  • SELinux Users and RBAC
  • MLS and MCS Security Models
  • LAB: Using SELinux Commands

SELINUX SECURITY CONTEXT

  • What’s a Security Context?
  • Policy and Access Control
  • Type Enforcement
  • RBAC
  • MLS
  • Domain transitions
  • LAB: Understanding Security Contexts

SELINUX SECURITY POLICY

  • The Reference Policy
  • SELinux Booleans
  • Policy Versions
  • Wind River Linux Policy
  • LAB: Using Boolean to Customize Security Policies

Day 2

SELINUX IDENTITY AND ROLES

  • ISELinux users and Linux users
  • Default identities
  • SELinux and PAM
  • Role switching
  • Granting sensitivity/category to users
  • LAB: Managing SELinux Users

SELINUX CONFIGURATION

  • Configuration Files
  • Logging and the Audit Daemon
  • Configuring the Mode of SELinux
  • LAB: Configuring an SELinux System

CREATING AND MANAGING SELINUX POLICY

  • The Policy Development Environment
  • Policy Configuration Files
  • SELinux Policy Language
  • Compiling Security modules
  • Loading and Testing Security Modules
  • Creating Policy Sets
  • Making Changes Persist Across Boots
  • LAB: Creating SELinux Modules

SELINUX TROUBLESHOOTING

  • Root cause analysis
  • Silent Denials
  • Solutions
  • Using Permissive Modes and Domains
  • LAB: Using Audit Tools for Troubleshooting
Buy Now

COURSE DETAILS SUMMARY

  • Duration: 2 Days
  • Course Information: View
  • Format: Lectures and Labs
  • Type: Instructor-led

COURSE SCHEDULE

CONTACT US

About this course

SELINUX ESSENTIALS

Buy Now

Course Description

The SELinux Essentials course gives engineers the skills they need to develop complex policies for securing Linux-based devices using SELinux. Although Wind River Linux is used as the reference distribution in the lab environment, the tools and techniques covered are not specific to Wind River Linux.

After this course, participants will be able to perform the following:

  • Describe SELinux concepts and terminology
  • Use command-line tools to manage SELinux configuration
  • Create and manage SELinux policies
  • Troubleshoot SELinux policies

Products Supported

  • OpenEmbedded/Yocto Project-based distributions
  • Wind River Linux LTS
  • The following targets are available: QEMU simulated target (Intel x86-64)

Course Format

  • This two-day expert-led course consists of lectures and lab sessions.
  • Attendees use a Wind River Linux LTS target to gain experience with the topics presented.
  • Participants examine and exercise simulated network topologies in hands-on labs.
  • Participants receive individual guidance from an expert engineer who has extensive experience with Linux technologies.

Audience

  • Developers who want to learn more about securing Linux-based device
  • Customers who have recently purchased or are considering purchasing Wind River Linux

Prerequisite Skills

  • Basic understanding of operating systems
  • Familiarity with the Linux operating system
  • One year of experience working with and/or administering a Linux/UNIX system

Prerequisite Courses

  • None

Related Courses

  • Embedded Security Essentials
  • Wind River Linux LTS CLI Essentials

Syllabus

Day 1

INTRODUCTION

  • SELinux Background Information
  • SELinux in the WR Linux Product Line
  • DAC, MAC, RBAC
  • MAC Implementations
  • Linux Security: DAC, MAC, LSM
  • LAB: Getting Started with SELinux

SELINUX AND MAC

  • Type Enforcement (TE) Security Model
  • SELinux Users and RBAC
  • MLS and MCS Security Models
  • LAB: Using SELinux Commands

SELINUX SECURITY CONTEXT

  • What’s a Security Context?
  • Policy and Access Control
  • Type Enforcement
  • RBAC
  • MLS
  • Domain transitions
  • LAB: Understanding Security Contexts

SELINUX SECURITY POLICY

  • The Reference Policy
  • SELinux Booleans
  • Policy Versions
  • Wind River Linux Policy
  • LAB: Using Boolean to Customize Security Policies

Day 2

SELINUX IDENTITY AND ROLES

  • ISELinux users and Linux users
  • Default identities
  • SELinux and PAM
  • Role switching
  • Granting sensitivity/category to users
  • LAB: Managing SELinux Users

SELINUX CONFIGURATION

  • Configuration Files
  • Logging and the Audit Daemon
  • Configuring the Mode of SELinux
  • LAB: Configuring an SELinux System

CREATING AND MANAGING SELINUX POLICY

  • The Policy Development Environment
  • Policy Configuration Files
  • SELinux Policy Language
  • Compiling Security modules
  • Loading and Testing Security Modules
  • Creating Policy Sets
  • Making Changes Persist Across Boots
  • LAB: Creating SELinux Modules

SELINUX TROUBLESHOOTING

  • Root cause analysis
  • Silent Denials
  • Solutions
  • Using Permissive Modes and Domains
  • LAB: Using Audit Tools for Troubleshooting
Buy Now

COURSE DETAILS SUMMARY

  • Duration: 2 Days
  • Course Information: View
  • Format: Lectures and Labs
  • Type: Instructor-led

COURSE SCHEDULE

CONTACT US