Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual Manual pdf 87 page image
Manuals database logo
manualsdatabase
Your AI-powered manual search engine

Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual

Also see for ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE: Installation guideInstallation guideTuning guideInstallation guideManual

Page 1 previewPage 2 previewPage 3 previewPage 4 previewPage 5 previewPage 6 previewPage 7 previewPage 8 previewPage 9 previewPage 10 previewPage 11 previewPage 12 previewPage 13 previewPage 14 previewPage 15 previewPage 16 previewPage 17 previewPage 18 previewPage 19 previewPage 20 previewPage 21 previewPage 22 previewPage 23 previewPage 24 previewPage 25 previewPage 26 previewPage 27 previewPage 28 previewPage 29 previewPage 30 previewPage 31 previewPage 32 previewPage 33 previewPage 34 previewPage 35 previewPage 36 previewPage 37 previewPage 38 previewPage 39 previewPage 40 previewPage 41 previewPage 42 previewPage 43 previewPage 44 previewPage 45 previewPage 46 previewPage 47 previewPage 48 previewPage 49 previewPage 50 previewPage 51 previewPage 52 previewPage 53 previewPage 54 previewPage 55 previewPage 56 previewPage 57 previewPage 58 previewPage 59 previewPage 60 previewPage 61 previewPage 62 previewPage 63 previewPage 64 previewPage 65 previewPage 66 previewPage 67 previewPage 68 previewPage 69 previewPage 70 previewPage 71 previewPage 72 previewPage 73 previewPage 74 previewPage 75 previewPage 76 previewPage 77 previewPage 78 previewPage 79 previewPage 80 previewPage 81 previewPage 82 previewPage 83 previewPage 84 previewPage 85 previewPage 86 previewPage 87 previewPage 88 previewPage 89 previewPage 90 previewPage 91 previewPage 92 previewPage 93 previewPage 94 previewPage 95 previewPage 96 previewPage 97 previewPage 98 previewPage 99 previewPage 100 previewPage 101 previewPage 102 previewPage 103 previewPage 104 previewPage 105 previewPage 106 previewPage 107 previewPage 108 previewPage 109 previewPage 110 previewPage 111 previewPage 112 previewPage 113 previewPage 114 previewPage 115 previewPage 116 previewPage 117 previewPage 118 previewPage 119 previewPage 120 previewPage 121 previewPage 122 previewPage 123 previewPage 124 previewPage 125 previewPage 126 previewPage 127 previewPage 128 previewPage 129 previewPage 130 preview
Contents
  1. Table Of Contents
  2. Table Of Contents
  3. SELinux Architectural Overview
  4. SELinux, an Implementation of Flask
  5. SELinux Policy Overview
  6. Where is the Policy
  7. Policy Role in Boot
  8. File System Security Contexts
  9. Object Classes and Permissions
  10. TE Rules - Attributes
  11. TE Rules - Types
  12. TE Rules - Access Vectors
  13. Policy Macros
  14. SELinux Users and Roles
  15. TE Rules - Constraints
  16. Special Interfaces and File Systems
  17. Targeted Policy Overview
  18. Files and Directories of the Targeted Policy
  19. Understanding the File Contexts Files
  20. Common Macros in the Targeted Policy
  21. II. Working With SELinux
  22. Controlling and Maintaining SELinux
  23. Administrator Control of SELinux
  24. Analyst Control of SELinux
  25. Policy Writer Control of SELinux
  26. Tools for Manipulating and Analyzing SELinux
  27. Using seaudit for Audit Log Analysis
  28. Using apol for Policy Analysis
  29. Performance Tuning
  30. Compiling SELinux Policy
  31. What Happens During Policy Build
  32. General Policy Troubleshooting Guidelines
  33. Writing New Policy for a Daemon
  34. Deploying Customized Binary Policy
  35. References
  36. III. Appendix
  37. A. Brief Background and History of SELinux
  38. Index
  39. Colophon
Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual Manual pdf 87 page image
Chapter 6.Tools for Manipulating and Analyzing SELinuxAn administrator’s job may include analyzing and possibly manipulating the SELinux policy, as wellas doing performance analysis and tuning. This chapter discusses analysis and tuning.For policy manipulation, you may wish to support a new daemon or discover and fix a problem, asdiscussed in Chapter 8 Customizing and Writing Policy. One early step to writing policy is analyzingexisting policy so that you understand how it works. One example of this is given in Section 2.9.1 HowTo Backtrack a Rule, where a macro is analyzed through the process of backtracking to the source ofa set of rules.While some effective policy analysis can be done using standard command line text manipulationtools, sophisticated policy analysis requires stronger tools. The simpler targeted policy consists ofmore than 20,000 concatenated lines in policy.conf, which is derived from more than 150 macrosand thousands of lines of TE rules and file context settings, all interacting in very complex ways. Toolssuch as apol are designed specifically for doing analysis of SELinux policy. This chapter discussesthese tools, which are part of the setools package. In addition to the GUI analysis tools seaudit andapol, several command line tools that are useful for gathering information and statistics are explained.Analysis is also necessary when doing performance tuning. Due to the real and potential workloadimposed by the AVC system, you may have some situations where being able to manipulate how thisworks is useful to improving performance. This chapter presents some methods to tune your SELinuxinstallation.In order to use these applications, you need both the setools and setools-gui packagesinstalled. The other packages you need come with the SELinux installation: libselinux andpolicycoreutils.TipWhen you are running a privileged application over ssh, meaning an application that requires you tohave root privileges, you must use the -Y option. This option enables trusted X11 forwarding:ssh -Y root@host.example.comThe configuration requiring this is enabled by default and is new to Red Hat Enterprise Linux 4.6.1. Information Gathering ToolsThese tools are command line tools, providing formatted output. They are harder to use as part ofcommand line piping, but they provide gathered and well formatted information quickly.avcstatThis provides a short output of the access vector cache statistics since boot. You can watch thestatistics in real time by specifying a time interval in seconds. This provides updated statisticssince the initial output. The statistics file used is /selinux/avc/cache_stats, and you canspecify a different cache file with the -f /path/to/file. For example, this might be usefulfor reviewing saved snapshots of /selinux/avc/cache_stats.avcstatlookups hits misses allocs reclaims frees194658175 194645272 12903 12903 880 12402
/ 130
Related manuals for Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 Manual first page preview
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 4 Manual first page preview
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual
Red Hat ENTERPRISE LINUX 5.5 - ONLINE STORAGE GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 5.5 - ONLINE STORAGE GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual first page preview
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual
Red Hat ENTERPRISE LINUX 4 - USING ID Using Manual first page preview
Red Hat ENTERPRISE LINUX 4 - USING ID Using Manual
This manual is suitable for:
ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
Manuals database logo
manualsdatabase
Your AI-powered manual search engine