SELinux by Example: Using Security Enhanced Linux (Anglais) Broché – 27 juillet 2006
Rentrée scolaire 2017 : découvrez notre boutique de livres, fournitures, cartables, ordinateurs, vêtements ... Voir plus.
|Neuf à partir de||Occasion à partir de|
- Choisissez parmi 17 000 points de collecte en France
- Les membres du programme Amazon Prime bénéficient de livraison gratuites illimitées
- Trouvez votre point de collecte et ajoutez-le à votre carnet d’adresses
- Sélectionnez cette adresse lors de votre commande
Les clients ayant acheté cet article ont également acheté
Description du produit
Revue de presse
"The three authors are well versed in the topic and comprise the best team to write on SELinux that you could find. Even though it is written as a straightforward text - as opposed to a study guide - I appreciate how each chapter ends with a summary and then exercises to reinforce what you've just finished reading. "--Emmett Dulaney, Editor, UnixReview.com
"This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you. "--Ryan Maple, Reviewer, LinuxSecurity.com
Présentation de l'éditeur
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel―and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions―it’s easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies― including the powerful new Reference Policy―showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
• Thoroughly understand SELinux’s access control and security mechanisms
• Use SELinux to construct secure systems from the ground up
• Gain fine-grained control over kernel resources
• Write policy statements for type enforcement, roles, users, and constraints
• Use optional multilevel security to enforce information classification and manage users with diverse clearances
• Create conditional policies that can be changed on-the-fly
• Define, manage, and maintain SELinux security policies
• Develop and write new SELinux security policy modules
• Leverage emerging SELinux technologies to gain even greater flexibility
• Effectively administer any SELinux system
Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.
Pour obtenir l'appli gratuite, saisissez votre numéro de téléphone mobile.
Détails sur le produit
Si vous vendez ce produit, souhaitez-vous suggérer des mises à jour par l'intermédiaire du support vendeur ?
Commentaires en ligne
Commentaires client les plus utiles sur Amazon.com (beta) (Peut contenir des commentaires issus du programme Early Reviewer Rewards)
Book has the content you need, if this is the sort of thing you need. This book is extremely helpful, and IMO a mostly required book.
I wanted SELinux by Example to show me how to set up rules for CGI sub-systems. But by the time the book was delivered, I already figured it out. This signaled the end of 2 - 3 weeks of head banging! Then I was able to continue testing a program port.
As I flipped through the book, it showed me what I needed to do if I wanted to set up rules for including my own applications on LINUX. Hence this book is a great tool for customizing SELinux. Now, all new applications can keep on enforcing security. My favorite subject is managing roles, even as an associated "domain" transitions to another. Both high-class administrators and endusers alike will trust my services guarded by this security system.
1) it is current
2) the exercises are practical and come with solution in the book; and
3) there are nowhere near as many mistakes.
So let's cut to the downsides of this book:
1) it's dated (now in 2008)
2) there are mistakes, many mistakes but thankfully most are obvious
3) there are no easily accessible answers. They might be online, but so far i have not found them...
So that sounds pretty bad, but actually the book is very good, mainly because of its depth. It seems to go through the entire beast that is SELinux, using non-contrived examples of policy. Unfortunately it does not help you in administering your system all that much (though there is a chapter devoted to this). The reason for this is simple: this book aims to tell you how SELinux works, rather than how to use it. In other words, this book needs to be read together with something more practical. The practical content of the book is probably confined to the last two chapters which amounts to just shy of 70 pages out of 425 including index.
Honestly, i am torn on this: on the one hand i'm disappointed about how out of date the book has gotten, and how quickly, but at the same time i understand: SELinux is still evolving significantly AND how distro's are using it is still evolving. Just see some of the references where the book acknowledges its shortcomings: The authors know where things are headed, they know their stuff. Which on the other side of the spectrum is why this book is so good as an introduction: you cover everything, you have a really solid background of the area, but you are left wanting more, you are left wanting ... well >practical< examples, rather than the examples in the text.
I would recommend that anyone wanting to get into using SELinux get material of their distro's support site (Red Hat / Fedora have guides and links to other materials which are excellent and free) and use those materials with this book. I have yet to find a source that ties all of SELinux together so well, but at the same time, there is the sensation that this material will need a revision very soon.
One last issue is that the book is a little too formulaic. The text will inform you there is a summary of syntax on page X, where X is the page you are on and the summary is the next paragraph. It just rubs me the wrong way, it is pointing out the obvious, it is adding volume where none is needed. The text is concise, but for some reason it seems the authors want to add bloat and volume when otherwise they get right to the point.
In conclusion, consider this book a foundation, even if its not as current as you might want (and those issues are related more to module based policy writing which is covered in sufficient depths, especially because examples are included with your SELinux policy anyway), and read it with the man pages and the documentation you get with your distro and you'll be fine.
What Mayer et al demonstrate is that the latest linux 2.6 has a very interesting add-on. SELinux. It is incorporated by default. So if you're running linux 2.6, it's been present all along, hidden in the background. The book describes what it offers. A vastly improved and very granular security model. Based on the concept of type enforcement. It goes way beyond earlier implementations of Mandatory Access Control.
The book can be heavy sledding if all this is new to you. Luckily, it describes a neat GUI tool, apol, that you can run as root. It can greatly assist understanding the use and making of rules.
Most users and sysadmins of linux machines might still not require the active use of SELinux. There is a considerable investment in time needed, to understand and use it. Plus, most of the examples cited in the book refer to government or classified contexts. Outside these, you have to really ask yourself if it's germane to you.