Security-Enhanced Linux: Managing Confined Services

My employer, Red Hat, is allowing me to work on another Security-Enhanced Linux (SELinux) guide for Fedora. The name is not decided yet, but will be something like “Security-Enhanced Linux: Managing Confined Services”.

The guide is aimed at system administrators. It is planned to cover a brief introduction to SELinux, confined and unconfined services, and how to perform system administration tasks without turning SELinux off. Services will include the Apache HTTP Server, Samba, FTP, BIND, and NFS… Some of the tasks include:

* sharing files via Samba, FTP, NFS, and HTTP.
* sharing files between multiple services (for example, files accessible to the Apache HTTP Server (httpd) and FTP (vsftpd)).
* managing DNS and BIND (for example, allowing named to accept zone updates).
* customizing the ports services listen on.
* using non-default directories to store files for services.

It is planned to go into detail about the types available for each service, as well as Booleans to cater for ways services can be run. Hopefully some of these items can find their way back into the man pages.

A brief (and in progress) information plan and content specification can be found at https://fedorahosted.org/managing-confined-services/, which covers items to include. Feel free to mail me (mmcallis redhat com) with any ideas or things you would like included.
