Difference between revisions of "User Resources"

From SELinux Wiki
Jump to: navigation, search
m (17 revision(s))
(Books)
 
(76 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 +
== Guides ==
 +
 +
* [https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/ch09.html SELinux]
 +
* [https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/ch10.html Managing Confined Services]
 +
 
== FAQs and Documentation ==
 
== FAQs and Documentation ==
  
[http://www.nsa.gov/selinux/info/faq.cfm NSA SELinux FAQ]
+
[http://www.slideshare.net/PaulWay/selinux-for-everyday-users SELinux for Everyday Users] (Slides by Paul Wayper)
 +
 
 +
[http://www.slideshare.net/PaulWay/slug-2009-06-selinux-for-sysadmins SELinux for SysAdmins] (Slides by Paul Wayper)
 +
 
 +
[http://userspace.selinuxproject.org/trac/wiki/SelinuxTools SELinux Tools] (canonical list with explanations)
 +
 
 +
[http://www.nsa.gov/research/selinux/faqs.shtml NSA SELinux FAQ]
  
 
[http://fedoraproject.org/wiki/SELinux/FAQ Fedora SELinux FAQ]
 
[http://fedoraproject.org/wiki/SELinux/FAQ Fedora SELinux FAQ]
Line 7: Line 18:
 
[http://oss.tresys.com/projects/refpolicy/wiki/Documentation Reference policy documentation]
 
[http://oss.tresys.com/projects/refpolicy/wiki/Documentation Reference policy documentation]
  
[http://www.nsa.gov/selinux/info/docs.cfm NSA SELinux documentation]
+
[http://www.nsa.gov/research/selinux/docs.shtml NSA SELinux documentation]
  
 
[http://www.tresys.com/selinux.html Tresys SELinux resources]
 
[http://www.tresys.com/selinux.html Tresys SELinux resources]
  
 
[http://people.redhat.com/drepper/selinux-mem.html Understanding SELinux memory protection controls]
 
[http://people.redhat.com/drepper/selinux-mem.html Understanding SELinux memory protection controls]
 +
 +
[http://people.redhat.com/drepper/textrelocs.html Explanation of text relocations and a description of how to find the reason and how to fix them]
  
 
[http://jczucco.googlepages.com/selinux.html Portuguese Documentation] Hardening Linux Usando Controle de Acesso Mandatório
 
[http://jczucco.googlepages.com/selinux.html Portuguese Documentation] Hardening Linux Usando Controle de Acesso Mandatório
  
== Mailing lists ==
+
[http://wiki.centos.org/TipsAndTricks/SelinuxBooleans SELinux Booleans] Documentation at the Centos Wiki
  
[http://www.nsa.gov/selinux/info/list.cfm NSA SELinux mailing list] [http://marc.info/?l=selinux (Unofficial searchable list archive)]
+
[http://www.redhatmagazine.com/2008/07/02/writing-policy-for-confined-selinux-users/ Writing policy for confined SELinux users] Red Hat Magazine article by Dan Walsh.
  
[http://www.redhat.com/mailman/listinfo/fedora-selinux-list Fedora SELinux list]
+
[http://magazine.redhat.com/2008/04/17/fedora-9-and-summit-preview-confining-the-user-with-selinux/ Fedora 9 and summit preview: Confining the user with SELinux] Red Hat Magazine article by Dan Walsh.
  
[http://lists.alioth.debian.org/pipermail/selinux-devel Debian SELinux devel list]
+
[http://magazine.redhat.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/ What's new in SELinux for Red Hat Enterprise Linux 5] Red Hat Magazine article by Dan Walsh.
  
[http://lists.alioth.debian.org/pipermail/selinux-user Debian SELinux user list]
+
[http://magazine.redhat.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module/ A step by step guide to building a new SELinux policy module] Red Hat Magazine article by Dan Walsh.
  
[http://www.gentoo.org/main/en/lists.xml Gentoo Hardened list]
+
[http://www.redhat.com/magazine/001nov04/features/selinux/ What is Security-Enhanced Linux?] Red Hat Magazine article by Russell Coker.
  
[https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened Ubuntu Hardened list]
+
[http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html Secure Linux containers cookbook] by Serge Hallyn of IBM.
  
[http://mail.opensolaris.org/mailman/listinfo/fmac-discuss OpenSolaris FMAC list]
+
[http://www.ibm.com/developerworks/linux/library/l-rbac-selinux/ Role-based access control in SELinux: Learn your way around this admin-friendly security administration layer] by Serge Hallyn of IBM.
  
== IRC ==
+
[http://www.ibm.com/developerworks/linux/library/l-selinux.html SELinux from scratch: Build an SELinux-ready Gentoo system] by Serge Hallyn from IBM.
  
irc.freenode.net channel #selinux
+
[http://www.coker.com.au/selinux/talks/sage-2006/PolyInstantiatedDirectories.html Polyinstantiation of directories in an SELinux system] by Russell Coker.
  
== Websites ==
+
[http://www.redhat.com/magazine/006apr05/features/selinux/ Taking advantage of SELinux in Red Hat Enterprise Linux] Red Hat Magazine article by Faye Coker and Russell Coker.
  
[http://selinuxnews.org SELinux Community News]
+
[http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/ Red Hat Enterprise Linux 4 SELinux user guide]
  
[http://selinuxnews.org/planet Planet SELinux]
+
[http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en Summary of SELinux articles on Red Hat knowledge base]
  
[http://www.nsa.gov/selinux NSA SELinux website]
+
[http://fedoraproject.org/wiki/Interviews/SELinux Interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8]
 +
 
 +
[http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules Fedora SELinux Policy Module Packaging] (draft)
 +
 
 +
[http://wiki.postgresql.org/wiki/SEPostgreSQL SEPostgreSQL introduction]
 +
 
 +
[http://oss.tresys.com/projects/refpolicy/wiki/ObjectClassesPerms SELinux object classes and permissions reference]
 +
 
 +
[http://oss.tresys.com/docs/refpolicy/api/ SELinux reference policy interface reference]
 +
 
 +
[http://code.google.com/p/sepgsql/wiki/Apache_SELinux_plus SELinux plus introduction]
 +
 
 +
[http://www.selinuxbyexample.com/ SELinux by example]
 +
 
 +
[http://www.linuxsecurity.com/content/view/120622 Hacks From Pax: SELinux And Access Decisions] by Pax Dickinson.
 +
 
 +
[http://www.linuxsecurity.com/content/view/120567/49/ Hacks From Pax: Security Enhanced Linux and Mandatory Access Control] by Pax Dickinson.
 +
 
 +
[http://www.linuxsecurity.com/content/view/120837/169/ Hacks From Pax: SELinux Policy Development] by Pax Dickinson.
 +
 
 +
[http://www.linuxjournal.com/article/9542 Paranoid Penguin - Introduction to SELinux, Part II] by Mick Bauer.
 +
 
 +
[http://www.linuxjournal.com/article/9500 Paranoid Penguin - Introduction to SELinux] by Mick Bauer.
 +
 
 +
[http://www.linuxjournal.com/article/9408 Multi-Category Security in SELinux in Fedora Core 5] by Russell Coker.
 +
 
 +
[http://www.nsa.gov/research/_files/selinux/papers/policy2/t1.shtml Configuring the SELinux Policy]
 +
 
 +
[[ObjectClassesPerms | Object Classes and Permissions descriptions]]
 +
 
 +
== Books ==
 +
 
 +
* [https://www.packtpub.com/networking-and-servers/selinux-system-administration-second-edition SELinux System Administration - Second Edition] by Sven Vermeulen, Packt.
 +
 
 +
* [https://www.packtpub.com/in/networking-and-servers/selinux-cookbook?utm_source=selinuxproject.org&utm_medium=referral&utm_campaign=Outreach - SELinux Cookbook] by Sven Vermeulen, Packt.
 +
 
 +
== Videos ==
 +
 
 +
* [https://www.packtpub.com/networking-and-servers/advanced-selinux-system-administration-video Advanced SELinux System Administration (Video)] by Sven Vermeulen, Packt.
 +
* [https://www.packtpub.com/networking-and-servers/getting-started-selinux-system-administration-video Getting started with SELinux System Administration (Video)] by Sven Vermeulen, Packt.
 +
 
 +
== Mailing lists and IRC ==
 +
 
 +
[[User_Help | Mailing lists and IRC channels]]
 +
 
 +
== Blogs ==
 +
 
 +
* [http://selinuxnews.org SELinux Community News]
 +
* [http://selinuxnews.org/planet Planet SELinux] - Aggregates all of the blogs below (plus some more)
 +
** [http://danwalsh.livejournal.com/ Dan Walsh]
 +
** [http://selinux-mac.blogspot.com/ Dominick Grift]
 +
** [http://eparis.livejournal.com/ Eric Paris]
 +
** [http://blog.namei.org/ James Morris]
 +
** [http://securityblog.org/brindle/ Joshua Brindle]
 +
** [http://paulmoore.livejournal.com/ Paul Moore]
 +
 
 +
== Websites ==
 +
 
 +
[http://wiki.russianfedora.ru/index.php/SELinux Russian Fedora SELinux Wiki]
 +
 
 +
[http://www.nsa.gov/research/selinux/index.shtml NSA SELinux website]
  
 
[http://www.selinux-symposium.org/ SELinux Symposium 2005-2007]
 
[http://www.selinux-symposium.org/ SELinux Symposium 2005-2007]
Line 62: Line 135:
  
 
[http://www.coker.com.au/selinux/ Russell Coker's SELinux Site]
 
[http://www.coker.com.au/selinux/ Russell Coker's SELinux Site]
 +
 +
[http://people.redhat.com/dwalsh/ Dan Walsh's SELinux site]
 +
 +
[http://selinux.sourceforge.net/ Public forum for the NSA Security-Enhanced Linux project]
  
 
== Tools ==
 
== Tools ==
  
setsebool(8)
+
[http://linux.die.net/man/8/setsebool setsebool(8)]
  
audit2allow(1)
+
[http://linux.die.net/man/1/audit2allow audit2allow(1)]
  
semanage(8)
+
[http://linux.die.net/man/8/semanage semanage(8)]
  
restorecon(8)
+
[http://linux.die.net/man/8/restorecon restorecon(8)]
 +
 
 +
[http://linux.die.net/man/1/chcon chcon(1)]
 +
 
 +
[http://linux.die.net/man/3/matchpathcon matchpathcon(3)]
 +
 
 +
[http://linux.die.net/man/8/chcat chcat(8)]
 +
 
 +
[http://linux.die.net/man/8/getsebool getsebool(8)]
 +
 
 +
[http://linux.die.net/man/8/semodule semodule(8)]
 +
 
 +
[http://linux.die.net/man/8/sestatus sestatus(8)]
 +
 
 +
[http://linux.die.net/man/8/togglesebool togglesebool(8)]
 +
 
 +
[http://linux.die.net/man/8/selinuxenabled selinuxenabled(8)]
 +
 
 +
[http://linux.die.net/man/8/setfiles setfiles(8)]
 +
 
 +
[http://linux.die.net/man/8/audit2why audit2why(8)]
 +
 
 +
[http://linux.die.net/man/8/fixfiles fixfiles(8)]
 +
 
 +
[http://linux.die.net/man/8/getenforce getenforce(8)]
 +
 
 +
[http://linux.die.net/man/8/setenforce setenforce(8)]
 +
 
 +
[http://linux.die.net/man/1/newrole newrole(1)]
 +
 
 +
[http://linux.die.net/man/8/run_init run_init(8)]
 +
 
 +
[http://linux.die.net/man/1/runcon runcon(1)]
 +
 
 +
[http://linux.die.net/man/8/restorecond restorecond(8)]
  
 
system-config-selinux
 
system-config-selinux
Line 84: Line 195:
  
 
[http://seedit.sourceforge.net SELinux Policy Editor]
 
[http://seedit.sourceforge.net SELinux Policy Editor]
 +
 +
== Manual pages ==
 +
 +
[http://linux.die.net/man/8/selinux selinux(8)]
 +
 +
[http://linux.die.net/man/8/booleans booleans(8)]
 +
 +
[http://linux.die.net/man/8/ftpd_selinux ftpd_selinux(8)]
 +
 +
[http://linux.die.net/man/8/named_selinux named_selinux(8)]
 +
 +
[http://linux.die.net/man/8/rsync_selinux rsync_selinux(8)]
 +
 +
[http://linux.die.net/man/8/httpd_selinux httpd_selinux(8)]
 +
 +
[http://linux.die.net/man/8/nfs_selinux nfs_selinux(8)]
 +
 +
[http://linux.die.net/man/8/samba_selinux samba_selinux(8)]
 +
 +
[http://linux.die.net/man/8/kerberos_selinux kerberos_selinux(8)]
 +
 +
[http://linux.die.net/man/8/nis_selinux nis_selinux(8)]
 +
 +
[http://linux.die.net/man/8/ypbind_selinux ypbind_selinux(8)]
 +
 +
== Topics ==
 +
 +
 +
[[SELinux_models|SELinux security models and concepts]]

Latest revision as of 07:26, 27 June 2019

Guides

FAQs and Documentation

SELinux for Everyday Users (Slides by Paul Wayper)

SELinux for SysAdmins (Slides by Paul Wayper)

SELinux Tools (canonical list with explanations)

NSA SELinux FAQ

Fedora SELinux FAQ

Reference policy documentation

NSA SELinux documentation

Tresys SELinux resources

Understanding SELinux memory protection controls

Explanation of text relocations and a description of how to find the reason and how to fix them

Portuguese Documentation Hardening Linux Usando Controle de Acesso Mandatório

SELinux Booleans Documentation at the Centos Wiki

Writing policy for confined SELinux users Red Hat Magazine article by Dan Walsh.

Fedora 9 and summit preview: Confining the user with SELinux Red Hat Magazine article by Dan Walsh.

What's new in SELinux for Red Hat Enterprise Linux 5 Red Hat Magazine article by Dan Walsh.

A step by step guide to building a new SELinux policy module Red Hat Magazine article by Dan Walsh.

What is Security-Enhanced Linux? Red Hat Magazine article by Russell Coker.

Secure Linux containers cookbook by Serge Hallyn of IBM.

Role-based access control in SELinux: Learn your way around this admin-friendly security administration layer by Serge Hallyn of IBM.

SELinux from scratch: Build an SELinux-ready Gentoo system by Serge Hallyn from IBM.

Polyinstantiation of directories in an SELinux system by Russell Coker.

Taking advantage of SELinux in Red Hat Enterprise Linux Red Hat Magazine article by Faye Coker and Russell Coker.

Red Hat Enterprise Linux 4 SELinux user guide

Summary of SELinux articles on Red Hat knowledge base

Interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8

Fedora SELinux Policy Module Packaging (draft)

SEPostgreSQL introduction

SELinux object classes and permissions reference

SELinux reference policy interface reference

SELinux plus introduction

SELinux by example

Hacks From Pax: SELinux And Access Decisions by Pax Dickinson.

Hacks From Pax: Security Enhanced Linux and Mandatory Access Control by Pax Dickinson.

Hacks From Pax: SELinux Policy Development by Pax Dickinson.

Paranoid Penguin - Introduction to SELinux, Part II by Mick Bauer.

Paranoid Penguin - Introduction to SELinux by Mick Bauer.

Multi-Category Security in SELinux in Fedora Core 5 by Russell Coker.

Configuring the SELinux Policy

Object Classes and Permissions descriptions

Books

Videos

Mailing lists and IRC

Mailing lists and IRC channels

Blogs

Websites

Russian Fedora SELinux Wiki

NSA SELinux website

SELinux Symposium 2005-2007

Tresys Open Source Server

Fedora SELinux project wiki

Hardened Gentoo's SELinux project page

Debian SELinux wiki

Engarde SELinux page

Ubuntu SELinux wiki

OpenSolaris Flexible MAC project

Japanese SELinux Users Group

Russell Coker's SELinux Site

Dan Walsh's SELinux site

Public forum for the NSA Security-Enhanced Linux project

Tools

setsebool(8)

audit2allow(1)

semanage(8)

restorecon(8)

chcon(1)

matchpathcon(3)

chcat(8)

getsebool(8)

semodule(8)

sestatus(8)

togglesebool(8)

selinuxenabled(8)

setfiles(8)

audit2why(8)

fixfiles(8)

getenforce(8)

setenforce(8)

newrole(1)

run_init(8)

runcon(1)

restorecond(8)

system-config-selinux

SETroubleshoot

SELinux Policy IDE (SLIDE)

SETools Policy Analysis Suite

Cross Domain Solution Framework

SELinux Policy Editor

Manual pages

selinux(8)

booleans(8)

ftpd_selinux(8)

named_selinux(8)

rsync_selinux(8)

httpd_selinux(8)

nfs_selinux(8)

samba_selinux(8)

kerberos_selinux(8)

nis_selinux(8)

ypbind_selinux(8)

Topics

SELinux security models and concepts