SELinux: NSA's IOpen Source Security Enhanced Linux

Overview

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system—including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE—all of...

See more details below
Paperback
$37.11
BN.com price
(Save 7%)$39.95 List Price
Other sellers (Paperback)
  • All (17) from $14.19   
  • New (10) from $14.19   
  • Used (7) from $21.28   
Sending request ...

Overview

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system—including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE—all of it free and open source.SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days—when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system—are prevented on a properly administered SELinux system.The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:

  • A readable and concrete explanation of SELinux concepts and the SELinux security model
  • Installation instructions for numerous distributions
  • Basic system and user administration
  • A detailed dissection of the SELinux policy language
  • Examples and guidelines for altering and adding policies
With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system—and who doesn't?—this book provides the means.
Read More Show Less

Product Details

  • ISBN-13: 9780596007164
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 10/15/2004
  • Edition number: 1
  • Pages: 258
  • Product dimensions: 7.12 (w) x 9.24 (h) x 0.68 (d)

Meet the Author

Bill McCarty is a Professor of Information Technology at Azusa Pacific University, Azusa, California. Bill is also the author of over fifteen technical books and numerous papers and presentations. He serves as editor of the Honeynet Files department of the journal IEEE Security and Privacy, and directs the Azusa Pacific University Honeynet Research Project, which is affiliated with the Honeynet Project's Honeynet Research Alliance. Bill has briefed members of US organizations such as the CIA, DISA, FBI, NASA, and NSA, and non-US organizations such as the UK's CESG and GHQ, on his honeynet research. He has worked with the FBI to prevent and detect computer crimes.

Read More Show Less

Table of Contents

Preface

Chapter 1: Introducing SELinux

Chapter 2: Overview of the SELinux Security Model

Chapter 3: Installing and Initially Configuring SELinux

Chapter 4: Using and Administering SELinux

Chapter 5: SELinux Policy and Policy Language Overview

Chapter 6: Role-Based Access Control

Chapter 7: Type Enforcement

Chapter 8: Ancillary Policy Statements

Chapter 9: Customizing SELinux Policies

Security Object Classes

SELinux Operations

SELinux Macros Defined in src/policy/macros

SELinux General Types

SELinux Type Attributes

Colophon

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted March 12, 2005

    vastly improved implementation

    Selinux is a conscious attempt to fundamentally rework and improve linux security. Previously, or more to the point, in most current linux machines, the security was somewhat of an ad hoc approach. This is mitigated by a formidable array of open source IDS tools like Ethereal and Snort that let a sysadmin often successfully depend her network and machines. But as the frequency and virulence of malware attacks has increased, the Selinux of this book may be a timely reinforcing of the operating system. As McCarty explains, this book is geared towards a sysadmin, as opposed to a programmer. It discusses the new things you should know. Especially the concepts of role based access model and of domains. The former has shades of DEC's VMS, which had a very mature implementation. Or those of you with mainframe experience may also recognise familiar ideas. Programmers may find the book a little sparse, as mentioned above. But possibly McCarty is devising a sequel for them.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)