| | |  | Computer Security | Home » » SELinux by Example: Using Security Enhanced Linux | | | | | | | Product Promotions: | | | | | Description: | | | SELinux: Bring World-Class Security to Any Linux Environment! SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel—and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions—it’s easier than ever to take advantage
of its benefits. SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies— including the powerful new Reference Policy—showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5. • Thoroughly understand SELinux’s access control and security mechanisms • Use SELinux to construct secure systems from the ground up • Gain fine-grained control over kernel resources • Write policy statements for type enforcement, roles, users, and constraints • Use optional multilevel security to enforce information classification and manage users with diverse clearances • Create conditional policies that can be changed on-the-fly • Define, manage, and maintain SELinux security policies • Develop and write new SELinux security policy modules • Leverage emerging SELinux technologies to gain even greater flexibility • Effectively administer any SELinux system | | | Product Details: | | | Author:
| Frank Mayer | | Paperback:
| 456 pages | | Publisher:
| Prentice Hall | | Publication Date:
| August 06, 2006 | | Language:
| English | | ISBN:
| 0131963694 | | Product Length:
| 9.2 inches | | Product Width:
| 6.9 inches | | Product Height:
| 1.0 inches | | Product Weight:
| 1.85 pounds | | Package Length:
| 8.9 inches | | Package Width:
| 7.0 inches | | Package Height:
| 0.9 inches | | Package Weight:
| 1.25 pounds | | Average Customer Rating:
|  based on 6 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 6 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
15 of 15 found the following review helpful:
 Great grounding but going out of date quicklyJan 03, 2008
By Christian R. Unger
SELinux by Example is not my first venture into learning about SELinux, but in fact my second. My first was the study guide for the RedHat SELinux Exam (which you only get if you pay for the course, so i realise it is not a cheap option). While the Red Hat material is very limited (to be covered in 4 days and with the aim of preparing you for an exam) it has three gleaming advantages:
1) it is current
2) the exercises are practical and come with solution in the book; and
3) there are nowhere near as many mistakes.
So let's cut to the downsides of this book:
1) it's dated (now in 2008)
2) there are mistakes, many mistakes but thankfully most are obvious
3) there are no easily accessible answers. They might be online, but so far i have not found them...
So that sounds pretty bad, but actually the book is very good, mainly because of its depth. It seems to go through the entire beast that is SELinux, using non-contrived examples of policy. Unfortunately it does not help you in administering your system all that much (though there is a chapter devoted to this). The reason for this is simple: this book aims to tell you how SELinux works, rather than how to use it. In other words, this book needs to be read together with something more practical. The practical content of the book is probably confined to the last two chapters which amounts to just shy of 70 pages out of 425 including index.
Honestly, i am torn on this: on the one hand i'm disappointed about how out of date the book has gotten, and how quickly, but at the same time i understand: SELinux is still evolving significantly AND how distro's are using it is still evolving. Just see some of the references where the book acknowledges its shortcomings: The authors know where things are headed, they know their stuff. Which on the other side of the spectrum is why this book is so good as an introduction: you cover everything, you have a really solid background of the area, but you are left wanting more, you are left wanting ... well >practical< examples, rather than the examples in the text.
I would recommend that anyone wanting to get into using SELinux get material of their distro's support site (Red Hat / Fedora have guides and links to other materials which are excellent and free) and use those materials with this book. I have yet to find a source that ties all of SELinux together so well, but at the same time, there is the sensation that this material will need a revision very soon.
One last issue is that the book is a little too formulaic. The text will inform you there is a summary of syntax on page X, where X is the page you are on and the summary is the next paragraph. It just rubs me the wrong way, it is pointing out the obvious, it is adding volume where none is needed. The text is concise, but for some reason it seems the authors want to add bloat and volume when otherwise they get right to the point.
In conclusion, consider this book a foundation, even if its not as current as you might want (and those issues are related more to module based policy writing which is covered in sufficient depths, especially because examples are included with your SELinux policy anyway), and read it with the man pages and the documentation you get with your distro and you'll be fine.
4 of 4 found the following review helpful:
 is it germane to your usage of linux?Sep 15, 2006
By W Boudville
If you are a linux or unix user, then you're probably pretty familiar with the permissions settings on files. It's a basic methodology that is essentially unchanged over 20 years or more or unix development. But its shortcomings have been just as well known to unix experts over that time.
What Mayer et al demonstrate is that the latest linux 2.6 has a very interesting add-on. SELinux. It is incorporated by default. So if you're running linux 2.6, it's been present all along, hidden in the background. The book describes what it offers. A vastly improved and very granular security model. Based on the concept of type enforcement. It goes way beyond earlier implementations of Mandatory Access Control.
The book can be heavy sledding if all this is new to you. Luckily, it describes a neat GUI tool, apol, that you can run as root. It can greatly assist understanding the use and making of rules.
Most users and sysadmins of linux machines might still not require the active use of SELinux. There is a considerable investment in time needed, to understand and use it. Plus, most of the examples cited in the book refer to government or classified contexts. Outside these, you have to really ask yourself if it's germane to you.
1 of 1 found the following review helpful:
 Good and indepth, but a little outdatedMay 05, 2009
By Matthew E. Coleman
This book offers a lot of information on the subject, and seems to focus generally on policy writing. However, there are a lot of new features in the newer Fedora Cores that it doesn't cover very well. Also, it talks about a lot of issues that, as long as you don't have a super old system, don't really matter anymore.
 Not well writtenOct 11, 2011
By Bradley Goodman
I'm about a hundred pages into the book. I am still completely confused. If this book was intended to describe SELinux "by Example" it certainly hasn't. Furthermore, it seems to be a bit out of date, focusing on old distributions like Fedora Core 5. It appears to place a lot of focus on more obscure tools (written by the author and the author's company) as opposed to the more "standard" tools which are included in standard distributions.
Puts you up close with the rulesMay 29, 2011
By Duckie
I'm the type of administrator that installed fedora 13 at home, encountered SELinux and lastly installed fedora 14.
I wanted SELinux by Example to show me how to set up rules for CGI sub-systems. But by the time the book was delivered, I already figured it out. This signaled the end of 2 - 3 weeks of head banging! Then I was able to continue testing a program port.
As I flipped through the book, it showed me what I needed to do if I wanted to set up rules for including my own applications on LINUX. Hence this book is a great tool for customizing SELinux. Now, all new applications can keep on enforcing security. My favorite subject is managing roles, even as an associated "domain" transitions to another. Both high-class administrators and endusers alike will trust my services guarded by this security system.
See all 6 customer reviews on Amazon.com
| | |
|
