買這商品的人也買了...
-
Perl 學習手冊 (Learning Perl, 3/e)$580$458 -
Visual C#.NET 程式設計經典$650$553 -
作業系統概念 (Operating System Concepts, 6/e Windows XP Update)$780$741 -
用實例學 ASP.NET:使用 VB.NET 與 ADO.NET(2003修訂版)$620$490 -
C# Primer Plus 中文版 (C# Primer Plus)$680$537 -
鳥哥的 Linux 私房菜─基礎學習篇增訂版$560$504 -
SCJP‧SCJD 專業認證指南 (Sun Certified Programmer & Developer for Java 2 #310-305 與310-027)$850$723 -
Compilers: Principles, Techniques, and Tools (平裝) (美國版ISBN:0201100886)$980$399 -
人月神話:軟體專案管理之道 (20 週年紀念版)(The Mythical Man-Month: Essays on Software Engineering, Anniversary Edition, 2/e)$480$379 -
JSP 2.0 技術手冊$750$593 -
CCNA 認證教戰手冊 Exam 640-801 (CCNA Cisco Certified Network Associate Study Guide, 4/e)$780$663 -
最新 JavaScript 完整語法參考辭典 第三版$490$382 -
AutoCAD 2004 & 2005 實力養成暨評量$350$277 -
Linux 指令詳解辭典$650$553 -
PHP 網頁模組隨學隨用
$480$408 -
ASP.NET 徹底研究進階技巧─高階技巧與控制項實作$650$507 -
UML 精華第三版 : 標準物件模型語言 (UML Distilled, 3/e)$460$363 -
軟體測試理論與實作$520$406 -
Linux Kernel 完全剖析$750$585 -
ZigBee 技術開發 — Z-Stack 協議棧原理及應用$234$222 -
$1,248Pandas for Everyone: Python Data Analysis (Addison-Wesley Data & Analytics Series) -
$356Python 絕技 : 運用 Python 成為頂級數據工程師 -
Python 數據可視化之 matplotlib 實踐$354$336 -
一直學不會 Tensorflow? PyTorch 更好用更強大更易懂!$540$486 -
Hands-On Data Visualization with Bokeh: Interactive web plotting for Python using Bokeh$1,050$998
相關主題
商品描述
Description:
The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source.
SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.
The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:
- A readable and concrete explanation of SELinux concepts and the SELinux security model
- Installation instructions for numerous distributions
- Basic system and user administration
- A detailed dissection of the SELinux policy language
- Examples and guidelines for altering and adding policies
With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.
Table of Contents:
Preface
1. Introducing SELinux
Software Threats and the Internet
SELinux Features
Applications of SELinux
SELinux History
Web and FTP Sites
2. Overview of the SELinux Security Model
Subjects and Objects
Security Contexts
Transient and Persistent Objects
Access Decisions
Transition Decisions
SELinux Architecture
3. Installing and Initially Configuring SELinux
SELinux Versions
Installing SELinux
Linux Distributions Supporting SELinux
Installation Overview
Installing SELinux from Binary or Source Packages
Installing from Source
4. Using and Administering SELinux
System Modes and SELinux Tuning
Controlling SELinux
Routine SELinux System Use and Administration
Monitoring SELinux
Troubleshooting SELinux
5. SELinux Policy and Policy Language Overview
The SELinux Policy
Two Forms of an SELinux Policy
Anatomy of a Simple SELinux Policy Domain
SELinux Policy Structure
6. Role-Based Access Control
The SELinux Role-Based Access Control Model
Railroad Diagrams
SELinux Policy Syntax
User Declarations
Role-Based Access Control Declarations
7. Type Enforcement
The SELinux Type-Enforcement Model
Review of SELinux Policy Syntax
Type-Enforcement Declarations
Examining a Sample Policy
8. Ancillary Policy Statements
Constraint Declarations
Other Context-Related Declarations
Flask-Related Declarations
9. Customizing SELinux Policies
The SELinux Policy Source Tree
On the Topics of Difficulty and Discretion
Using the SELinux Makefile
Creating an SELinux User
Customizing Roles
Adding Permissions
Allowing a User Access to an Existing Domain
Creating a New Domain
Using Audit2allow
Policy Management Tools
The Road Ahead
A. Security Object Classes
B. SELinux Operations
C. SELinux Macros Defined in src/policy/macros
D. SELinux General Types
E. SELinux Type Attributes
Index
