Focus: Security Enhanced Linux 
Duration: 10 Hours

Course Objective
SELinux Security - Module IV

Access Control Models
Describe Access Control Model (ACM) theories (DAC/MAC/nDAC)
Explain features & shortcomings of Discretionary Access Control (DAC) models
Identify key DAC-based utilities
Discuss the advantages & caveats of Mandatory Access Control (MAC)models
Explore DAC-based programs

SELinux - Basics
Discuss subjects & objects
Explain how SELinux is implemented in 2.6.x-based kernels
Confirm SELinux support in the kernel
Identify key SELinux packages
Use sestatus to obtain the current SELinux mode
Discuss subject & object labeling
Describe the 3 SELinux operating modes
Identify key utilities & files, which dictate the current SELinux operating mode
Focus on the features of SELinux permissive mode
Explore the boot process as it relates to SELinux

SELinux - Object Labeling
Discuss subject & object labeling
Discuss the role of extended attributes (XATTRs)
Expose the labels of specific objects
Alter the lables of specific objects
Configure SELinux to automatically label objects per security policy
Reset the system and confirm labels on altered objects
Explain security tuples
Use fixfiles to restore object labels on running system per security policy

SELinux - Type Contexts - Security Labels Applied to Objects
Intro to object security tuples - security labels
Attempt to serve HTML content using Apache in SELinux enforcing mode
Identify problematic object security labels
Serve HTML content in SELinux permissive mode
Use chcon to alter object security labels
Switch to enforcing mode & confirm the ability to serve HTML content
Use restorecon to restore object security context (labels)

SELinux - Basic Commands - Type & Domain Exposition
ps - reveal subjects' security context (security label) - Domains
ls - reveal objects' security label - Types
cp - preserve/inherit security labels
mv - preserve security labels
id - expose subject security label

SELinux - Targeted Policy - Binary
Explain the Targeted Policy's features
Discuss policy transitions for domains
Compare & contrast confined & unconfined states
Exempt Apache daemon from the auspicies of the targeted policy's confined state
Evaluate results after exemption
Explain the security contexts applied to subjects & objects
Peruse key targeted binary policy files
Identify the daemons protected by the targeted policy
Discuss the unconfined_t domain - subject label

SELinux - Targeted Policy - Source
Install the targeted policy source files
Identify & discuss TE and FC files
Explore file_contexts - context definition for objects
Discuss the file context syntax
Explain the purpose of using run_init to initiate SELinux-protected daemons
Switch between permissive & enforcing modes and evaluate behavior
Peruse the key files in the targeted source policy

SELinux - Miscellaneous Utilities - Logging
Use tar to archive SELinux-protected objects
Confirm security labels on tar-archived objects
Use the tar substitute 'star' to archive extended attributes(XATTRs)
Confirm security labels on star-archived objects
Discuss the role of the AVC
Examine SELinux logs - /var/log/messages
Alter Syslog configuration to route SELinux messages to an ideal location
Use SETools, shell-based programs to output real-time statistics
Install & use SEAudit graphical SELinux log-management tool

SELinux - RedHat® Enterprise 5.x - Exploration
Explore configuration & key utilities
Transition from 'disabled' to 'permissive' mode
Focus on Apache web server behavior
Enable UserDir functionality & test content access
Transition to 'enforcing' mode
Examine Apache behvavior in restricted environment
Adjust SELinux directives
Evaluate results

SELinux - Network Ports - Service Restrictions
Explore standard behavior
Configure new application bindings
Examine SELinux intervention
Rectify SELinux configuration for multiple services
Evaluate results