SELinux Administration

SELinux Administration


Session 1. Introduction to SELinux

  • SELinux Introduction
    • What is SELinux and how it works?
  • Access Control Mechanisms
  • Labels, Contexts and Type Enforcement
  • Basic Terminology
    • Users, Roles, Subjects, Objects, Domains and Types
  • SELinux Policy and Policy Organization
    • Confined and Unconfined Domain, Type Enforcement and Policy Behavior
  • SELinux Administration – Settings and Modes
  • SELinux Configuration, SELinux Status
  • SELinux Features and Benefits
  • SELinux is not

Session 2. Getting Started with SELinux

  • Boot Options for SELinux
  • Enabling user home directories
  • SELinux Settings for User Home Directories
  • Targeted Policy Protected Services
  • Default list of SELinux Protected Services
  • File Context for Special Directory Trees
  • Setting Persistent SELinux Contexts on Directory Trees.
  • Example: ftp server with non default directory

Session 3. SELinux Booleans

  • SELinux Booleans
  • Why a Service doesn’t work?
  • Boolean Values
  • Service Categories of SELinux Booleans
  • Booleans with SELinux Management Tool
  • CLI V/s GUI Filter
  • Boolean Settings do not stand alone
  • SELinux directives for HTTP Services, Name Service, MariaDB, NFS, Samba and SSH

Session 4. Troubleshooting

  • Identify the Problem – SELinux Audits
  • Using ausearch and sealert
  • Using audit2allowUtility
  • SELinux Troubleshoot Browser
  • The setroubleshootd
    • Installation, configuration and working
  • Sending e-mails
  • Testing setroubleshoot functionality
  • Binding sshd on a non standard port
  • SELinux Logging – Interacting with systemd-journal
  • Policy Rules V/s other Options

Lab 1. Exploring CGI scripts

Session 5. SELinux Policies

  • SELinux Policy
  • Policy Organization
  • Confined and Unconfined Domain
  • SELinux Policy Behavior
  • Configuring a Policy with semanage
  • Example
    • SELinux Port Labeling
    • Managing Ports with Semanage
    • Using Semanage Permissive
    • Limiting flows based on the network interface
  • Generating Policy files for Deployment
  • Handling device files
  • Setting a SELinux label on a device node

Lab 2. Understanding policies

Session 6. Working with SELinux Policies

  • SELinux Policy Language
  • Source Policy Modules in a Monolithic Policy
  • Loadable Policy Modules
  • Building and Installing Monolithic Policies
  • Build and load process for SELinux policy
  • The make Targets
  • Generating Policy files for Deployment
  • Supported user templates with sepolgen
  • Handling device files
  • Using udev Rules
  • Setting a SELinux label on a device node

Lab 3. Modifying an existing policy

Session 7. Building and Loading SELinux Policies

  • Downloading and Installing the source and preparing the build area
  • Build the base policy package
  • Compiling the Monolithic Policy
  • Loading the Monolithic Policy
  • Compiling Policy Modules
  • Loading Policy Modules
  • Policy Type-Enforcement Module Syntax
  • Policy Type-Enforcement Module Example

Lab 4 Compiling and Building Base Policy from Source

Lab 5 – Using fixfiles Script and Setting mount contexts

Session 8. Working with semodule and Object Classes

  • High Level SELinux Architecture
  • semodule
  • Object Classes and Permissions
  • Defining common Permissions
  • Examples

Session 9. Policy Utilities

  • seaudit, seaudit_report, checkpolicy, sesearch,
  • sestatus, audit2allow, audit2why,
  • sealert, avcstat, seinfo and semanage

Session 10. User and Role Security

  • Role-based Access Control
  • Multi Category Security – MCS
  • Multi Category Security: translation and login
  • The chcat – change file security category
  • Defining a SecurityAdministrator: sudo, chcat and root

Lab 6. Role Based Policy Restrictions

Session 11. MLS, Users, Roles, Domain Transition, Macros and Types

  • Multi-Level Security – MLS
  • The strict Policy
  • General Identification
  • User Identification: system_u, users_u and root, Declaring Users
  • Role Identification – Role Dominance
  • Domain Transition
  • Polyinstantiation of Directories
  • Policy Macros
  • Types : Enforcement, Attributes, Aliases and Transitions for Objects
  • restorecond
  • Customizable Types

Lab 7 Creating a new types

Session 12 Contexts, Policies, Access Vector, Logs and Booleans

  • File Contexts
  • Manipulating Policies
  • Access Vector
  • Security Identifiers-SIDs
  • Statements: fs_use_* and genfscon
  • Context on network objects
  • Booleans: Creating and using new booleans
  • Enableaudit

Lab 8. Creating Policy Module

Lab 9 Mount Options and Custom port for squid


  • Task 1.  Create File Contexts, Create File Types, Create File Typealiases
  • Task 2.  Edit or Create Network Contexts
  • Task 3.  Domains – Create Domains: Macros, Building and Enhancing


November 22, 2019

0 responses on "SELinux Administration"

Leave a Message

Featured Testimonial

I would like to mention a new feature "Interactive Video". You can't simply watch the video. You have to actually get involved. It will pause suddenly and ask question. If you are not able to answer the question you have to watch it all over again. Hence a real learning is guaranteed.Read more

Indiana Jones

Co-Founder Director

Certificate Code

Become an Instructor

Designed by  © Alliance Softech Pvt Ltd. All rights reserved.
WhatsApp chat