This small but information-packed book covers the wide range of knowledge needed to secure your system using this respected extension to Linux. SELinux discusses critical topics, such as SELinux concepts and its security model; installation instructions; system and user administration; understanding, implementing, and developing your own SELinux security policies. With SELinux, a high-security computer is within reach of any system administrator, and this book provides the means.
As a security researcher and author of computer books, I work hard to stay abreast of the latest technological developments. So, I'd been tracking Security Enhanced Linux (SELinux) on my technology radar for several years. But, frankly, it didn't seem to me easy enough, or robust enough, for dependable use by Linux system administrators.
About one year ago, SELinux seemed to grow up suddenly. I now believe that SELinux is the most important computing technology for Linux users that I've seen in the last several years. Obviously, others agree that SELinux is important and useful: SELinux has been incorporated into Fedora Core, Gentoo, and SUSE Linux. And by the time this book is in print, it's expected to be part of Red Hat Enterprise Linux.
Of course, as a good friend of mine—who happens to be an economist—is fond of saying, "There's no such thing as a free lunch." Like other security technologies, SELinux must be properly installed, configured, and maintained if it is to be effective. This book will help you understand and intelligently use SELinux. Whether you prefer to use the sample SELinux security policies delivered as part of a Linux distribution or to implement your own customized policies, this book will show you the way.
One thing SELinux: NSA's Open Source Security Enhanced Linux doesn't do is explain how to write programs that use the SELinux API. I anticipate that this book will be useful to those who want to write such programs. But SELinux is designed for system administrators, not programmers, and therefore doesn't assume programming skills or expertise. Consequently, those interested in using the SELinux API will have to supplement the material presented in this book with information obtained from SELinux documentation and other sources.