Penguin Power!
Buy Linux distributions at discount prices!
Linux| Perl| PHP| Webserv| Databases| Sysadmin| Programming| Filesystems| Java| Webprog
News from Slashdot
Journalist Arrested By Interpol For Tweet

Scientists Print Cheap RFID Tags On Paper

Ask Slashdot: How To Go Paperless At Home?

Bad Guys Use Open Source, Too

San Francisco Enlists Bus Cameras For Traffic Law Enforcement

Battery Turns Saltwater Into Drinking Water

NASA To Drastically Cut Mars Mission Funding

Global Christianity and the Rise of the Cellphone

How Pre-Paid Energy Services Aid In Rural Electrification

Golden Delicious Now Shipping Hackable Openmoko GTA04


Related products:

Linux iptables Pocket Reference Linux iptables Pocket Reference

Linux Server Security Linux Server Security


Hardening Linux Hardening Linux

Linux Cookbook Linux Cookbook

Networking And System Administration

SELinux: NSA's Open Source Security Enhanced Linux

Networking And System Administration
Format: Paperback
Author: Bill McCarty
ReleaseDate: 12 October, 2004
Publisher: O'Reilly Media
Rating:

Good Introduction but lacks advanced, how-to information.
For complex topics like SELinux, you typically cannot fit the conceptual and pragmatic within one book. Personally, I prefer books to focus either concepts or detailed implementation instructions not both. McCarty's SELINUX is no exception. SELINUX provides an excellent overview of concepts but struggles with policy implementation methods and procedures. I suspect the topic is simply too large for one volume. What implementation advice presented is clear and concise but you will have to search elsewhere for more detailed deployment advice.

Despite these issues, this book is recommended reading for anyone considering implementing SELinux. The conceptual overview is some of the best I've seen since SELinux got its start. Using charts, diagrams and examples, McCarty presents an excellent overview of the nuts and bolts of SELinux. Understanding the principles of Role-Based Access Control, Type Enforcement, and Security Objects is critical to both using SELinux and justifying its use. The latter may be a bigger hurdle than many anticipate. The chapters on these areas will arm you with sufficient understanding to make a clear case of why SELinux can and should be implemented in many Linux-based computing environments.

While there are brief examples throughout, the book's third chapter on SELinux installation presents a well-documented, step-by-step guide to installing SELinux. If you've never installed SELinux, these sections will prove very valuable. With clearly numbered steps and command line examples, you can have SELinux installed and configured with a default policy within an hour.

As a mix between the pragmatic and conceptual, SELINUX is a good start on this topic. Entry level SELinux users will probably not learn too much from this book, but if your are looking for a introduction to SELinux concepts along with some pragmatic advice for getting started, then this book may be for you.


vastly improved implementation
Previously, or more to the point, in most current linux machines, the security was somewhat of an ad hoc approach. Selinux is a conscious attempt to fundamentally rework and improve linux security. This is mitigated by a formidable array of open source IDS tools like Ethereal and Snort that let a sysadmin often successfully depend her network and machines.

But as the frequency and virulence of malware attacks has increased, the Selinux of this book may be a timely reinforcing of the operating system. As McCarty explains, this book is geared towards a sysadmin, as opposed to a programmer. It discusses the new things you should know. Especially the concepts of role based access model and of domains. The former has shades of DEC's VMS, which had a very mature implementation. Or those of you with mainframe experience may also recognise familiar ideas.

Programmers may find the book a little sparse, as mentioned above. But possibly McCarty is devising a sequel for them.


One of the best on creating a secure Linux system
It does all this without conflicting with the normal permissions of Linux. So what makes Selinux more secure than standard Linux? Primarily it is the implementation of role-based access control, sandboxing, and an audit facility that allows the system to log any attempts to exceed specified permissions. If you are able to access a file through normal discretionary access control then the role-based mandatory access control provides additional security to determine if you can run the file or not. The only way to open a file is if both systems agree that you should be able to open it.

The author covers installation, configuration, administering, and setting up a security policy. The presentation of SeLinux is straightforward and the security model is presented in a writing style that makes it clear and understandable to the reader.

SeLinux: NSA's Open Source Security Enhanced Linux is highly recommended as both a Linux security solution and an excellent book on how to utilize all the resources of SeLinux. .


Go to lyrics-now.com for music lyrics and song lyrics.
Bass and guitar tablatures: Fretplay.com, Guitar tabs, Bass tabs, Fresh tabs, How to read tabs
Plan your travel and holiday here: Travel Helper!