Security-Enhanced Linux: Managing Confined Services

My employer, Red Hat, is allowing me to work on another Security-Enhanced Linux (SELinux) guide for Fedora. The name is not decided yet, but will be something like “Security-Enhanced Linux: Managing Confined Services”.

The guide is aimed at system administrators. It is planned to cover a brief introduction to SELinux, confined and unconfined services, and how to perform system administration tasks without turning SELinux off. Services will include the Apache HTTP Server, Samba, FTP, BIND, and NFS…Some of the tasks include:

* sharing files via Samba, FTP, NFS, and HTTP.
* sharing files between multiple services (for example, files accessible to the Apache HTTP Server (httpd) and FTP (vsftpd).
* manage DNS and BIND (for example, allow named to accept zone updates).
* customize the ports services listen on.
* use non-default directories to store files for services.

It is planned to go into detail about the types available for each service, as well as Booleans to cater for ways services can be run. Hopefully some of these items can find their way back into the man pages.

A brief (and in progress) information plan and content specification can be found at https://fedorahosted.org/managing-confined-services/, which covers items to include. Feel free to mail me (mmcallis redhat com) with any ideas or things you would like included.

This entry was posted on Wednesday, January 21st, 2009 at 1:41 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to Security-Enhanced Linux: Managing Confined Services

  1. frizia roger says:
    February 5, 2009 at 2:55 pm

    nice post..
    thxs

    Reply
  2. SEFAC USA Inc. says:
    October 12, 2015 at 4:29 am

    SEFAC USA Inc.

    Security-Enhanced Linux: Managing Confined Services | Murray McAllister

    Reply

Leave a comment