

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source.

SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.

The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:

  • A readable and concrete explanation of SELinux concepts and the SELinux security model

  • Installation instructions for numerous distributions

  • Basic system and user administration

  • A detailed dissection of the SELinux policy language

  • Examples and guidelines for altering and adding policies

With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.

Subscriber Reviews

Average Rating: 3 out of 5, based on 1 rating

"SELinux" - by Anonymous on 18-NOV-2011
The SELinux book presents a good overview for understanding and beginning to use the Linux security process. SELinux was developed by a number of groups led by the NSA to address the issues of computers running the UNIX/Linux operating systems. This process was begun in the 1990s and was released as an open source product in 2000. The first Linux kernel incorporating this was Linux 2.5.
SELinux has been adopted for use by Red Hat, SUSE, Debian GNU/Linux and Gentoo Linux as well as most of the other Linux vendors.  The UNIX world has also adopted these concepts for use.
This reference book provides a clear description of the SELinux security model.  In clear terms and reference diagrams the book lets the reader gain insight of the subjects, object security classes, and actions that can be done against both subjects and objects.
From an understanding of subjects and objects the book takes you through the security contexts that the user will use which are based on the sets of objects and subjects that are developed to secure a Linux operating system.   With the understanding of security contexts, one is then led to transient and persistent objects and the differences between the two.  From this the reader is shown the logic for access decisions, then transition decisions and finally how the whole is constructed and the general SELinux architecture.  
From the first two chapters the reader then moves to the next two chapters discussing installing SELinux and administering the security tools and processes. Installation is fairly straightforward. Red Hat, which has SELinux ready to run as it is incorporated in the operating system, requires either enabling SELinux at build time, or it can be started from either command line or GUI later. This book provides a good basic understanding of the real work involved in using SELinux by the administrator. Here is where the book shows the basics of system modes and tuning of SELinux. With SELinux now prepared to control the system, the reader is led through the basics of controlling, routine use and administration, monitoring and troubleshooting.
Chapter 5 covers, in depth, internal mechanisms of SELinux policy and two examples of SELinux policy; from this the reader is shown the layout of a simple SELinux policy domain and finally a detailed description of the structure of SELinux policy.
Chapter 6 details the SELinux role-based access control model and its application within SELinux.
Chapter 7 takes the reader into a detailed explanation of topics from chapter 2, explaining the SELinux type-enforcement model, a review of the SELinux policy syntax, and type-enforcement declarations.  With this understanding the reader is then led through how a user would examine a sample policy.
Chapter 8 covers ancillary policy statements. These statements are usually not required for most administrators. This chapter helps an administrator understand these concepts and how they might be applied.
Chapter 9 provides the user the understanding and detailed information for the administrator to do just that, administer and customize SELinux on a Linux operating system.
The final five parts of the book are reference appendixes.  These show detailed examples of the points discussed in the book.
In my current position as a Systems Administrator, my project has a need to understand and use SELinux. This book has been very helpful for me in understanding what SELinux is, how it is administered, and how I can put SELinux into practice. For the system administrator who has a need to gain an understanding of what SELinux is and how it can be put in practice, I would recommend this book as both a general explanation of SELinux and as a reference.
