SELinux: NSA’s Open Source Security Enhanced Linux Enhanced

石头

作者：Bill McCarty
出版日期：October 11, 2004
出版社：O'Reilly
页数：254
ISBN：ISBN-10: 0596007167 ISBN-13: 978-0596007164
文件格式：CHM

Product Description
The intensive search for a more secure operating system has often lefteveryday, production computers far behind their experimental, researchcousins. Now SELinux (Security Enhanced Linux) dramatically changesthis. This best-known and most respected security-related extension toLinux embodies the key advances of the security field. Better yet,SELinux is available in widespread and popular distributions of theLinux operating system–including for Debian, Fedora, Gentoo, Red HatEnterprise Linux, and SUSE–all of it free and open source. SELinuxemerged from research by the National Security Agency and implementsclassic strong-security measures such as role-based access controls,mandatory access controls, and fine-grained transitions and privilegeescalation following the principle of least privilege. It compensatesfor the inevitable buffer overflows and other weaknesses inapplications by isolating them and preventing flaws in one applicationfrom spreading to others. The scenarios that cause the mostcyber-damage these days–when someone gets a toe-hold on a computerthrough a vulnerability in a local networked application, such as a Webserver, and parlays that toe-hold into pervasive control over thecomputer system–are prevented on a properly administered SELinuxsystem. The key, of course, lies in the words “properly administered.”A system administrator for SELinux needs a wide range of knowledge,such as the principles behind the system, how to assign differentprivileges to different groups of users, how to change policies toaccommodate new software, and how to log and track what is going on.And this is where SELinux is invaluable. Author Bill McCarty, asecurity consultant who has briefed numerous government agencies,incorporates his intensive research into SELinux into this small butinformation-packed book. Topics include:

• A readable and concrete explanation of SELinux concepts and the SELinux security model
• Installation instructions for numerous distributions
• Basic system and user administration
• A detailed dissection of the SELinux policy language
• Examples and guidelines for altering and adding policies

With SELinux, a high-security computer is within reach ofany system administrator. If you want an effective means of securingyour Linux system–and who doesn’t?–this book provides the means.
About the Author
Bill McCarty is a Professor of Information Technology at Azusa PacificUniversity, Azusa, California. Bill is also the author of over fifteentechnical books and numerous papers and presentations. He serves aseditor of the Honeynet Files department of the journal IEEE Securityand Privacy, and directs the Azusa Pacific University Honeynet ResearchProject, which is affiliated with the Honeynet Project’s HoneynetResearch Alliance. Bill has briefed members of US organizations such asthe CIA, DISA, FBI, NASA, and NSA, and non-US organizations such as theUK’s CESG and GHQ, on his honeynet research. He has worked with the FBIto prevent and detect computer crimes.