Linux Admin Guide

Linux system administration and configuration guide. Download the full document from the attachments section below. Below is the excerpt from this document.

Workstation has a fairly minimal configuration atthe moment,so youcanremoveanypolicyfilesthatdon't interest you (apart from named.te and irc.te which we need for later exercises) ater nthetutorial you may install other packages so you may wantto eavethepolicyfiles nplaceforsuchpackages)Also please note that the sendmail.te policy conflicts with that for other mailserversso t must be removed.
If you accidentally remove a .te file that you need, then later you can copy tto /etc/selinux/domains/program/ from /usr/share/selinux/policy/default/domains/program/ and run "make - C/etc/selinux load".
After you have finished deciding which policyfilestotoremovethepackagewill hen ompileandinstallthe policy. Then it will label every file on thefilesystem withaasecurity type. The core of SE Linuxis Domain Type access control (known as DT). DT relies on every object(file, directory,networkport,etc)havingaa security type associated withit,it, and every processbeing naa ecurity domain. So the labelling of all the files on the file systemis a veryimportant partofofthe nstallation!
The final package toinstallin this phaseisis dpkg the Debian packge manager).Thepackage ontains modified version of dpkg that willlabel files withthecorrectSELinux type after installing them
Now reboot the machine to use the newkernel.
Second Stage of Installation
In the previous section you installed the bare minimum SELinux functionality, he SEkernel upportand a policy for the kernel toload. The policy packagerelabelledallfileson hefile ystemwithcorrecttypes for you. You also installed alogin programto allow youtoto ogin withthecorrectcontext,andaamodified version of dpkg to allow you to install programsin the correctcontext.
Now login to the machine, after entering yourroot password you will ee he ollowing:
lyta login: root
Password:
Last login: Fri Aug 16 033802 2002onvc/2vc/2
Linux server 2.419lsm #1 Tue Aug 614 53 07CESTCEST2002i686unknownunknown NU/Linux
Debian GNU/Linux comes with ABSOLUTELYNONO WARRANTYtototheextent permitted by applicable law
Your default security contextisis rootuser_r:user_t Do you want to enter a new securitycontext? n]
Now this means that it will log youin withthe context of root:vser r:user t by default.
The security contextis comprised ofthree parts,thefirst part s he identity which is the Unix username that you used to login The next partisthe role which is one of the roles that are assignedtothe dentity (an identity can have one role or multipleroles),rolenamescustomarilyend n r. The final part of the security context is the domain. The domain name ends in t, it is the determining factor for all SE Linux security decisions Each roleisislimitedto acertainsetofdomains
Therefore your identity (your Unix username) limits your choice of role, which determines which domain you can use, and therefore what access you gettotothesystem.

Download the complete document from the attachments section below.

Attachments

Comments (12)

aravind
Said this on 10-23-2007 At 04:17 pm
it is very good
shailen
Said this on 11-22-2007 At 02:17 pm
How to Configure Appache PHp And My-SQL
ughi
Said this on 11-27-2007 At 12:52 pm
better to give metirial in brief
uppi
Said this on 12-10-2007 At 02:13 pm
thanq
vivekanand
Said this on 12-26-2007 At 08:39 pm
it's a best of the world
RAmesh
Said this on 1-23-2008 At 09:10 pm
i need solaris interview questions
nandagopal
Said this on 2-11-2008 At 11:49 pm
i need linux interview question
dhoni
Said this on 2-28-2008 At 12:57 pm
wonderfull
raj
Said this on 4-12-2008 At 12:53 pm
need it send it now
Krishna
Said this on 6-11-2008 At 01:31 pm
I liked the way you explained. Good tips and attached document.
suresh n. shankare
Said this on 8-20-2008 At 04:53 pm
very good & it is important for me to the future
ASIF
Said this on 11-17-2008 At 07:44 pm
ya its very usful for all so its very good
Post a Comment
* Your Name:
* Your Email:
(not publicly displayed)
Reply Notification:
Approval Notification:
Website:
* Security Image:
Security Image Generate new
Copy the numbers and letters from the security image:
* Message:

Email to Friend

Fill in the form below to send this article to a friend:

Email to Friend
* Your Name:
* Your Email:
* Friend's Name:
* Friend's Email:
* Security Image:
Security Image Generate new
Copy the numbers and letters from the security image
* Message: