SELinux Link Zoo
Last update : Tuesday July 12, 2005My collection of SELinux resources. Click away.
Books
- SELinux Bill McCarty has written an excellent book on SELinux published by O'Reilly. Well worth getting if you're doing any work with SELinux.
SELinux Core websites
- The NSA SELinux website The Official, one-and-only place for SELinux official information and downloads.
- SourceForge SELinux site The UnOfficial site where the real hackers go.
SELinux Overviews and Reviews
- Security-Enhanced Fedora Core 2 a brief article at LWN.net on Fedora Core 2 and its SELinux 2.6 kernel.
- SELinux An entry-level article I wrote for SysAdmin magazine some time ago. Refers to the old pre-xattr SELinux.
- "SPY-NUX" Update Interesting article from the Information Security magazine by Pete Loshin.
- An Overview of Security Enhanced Linux A Kuro5hin article giving a quick and simple technical overview. A little out-dated.
- Uncovering the secrets of SE Linux: Part 1 Interesting article by Larry Loeb, who describes NSA's release as "equivalent to the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers". Part 2 is here.
- NAI Labs SELinux Brief (PDF) A 2-page PDF by Stephen Smalley of NAI Labs about SELinux.
- An Introduction to the NSA's Security Enhanced Linux : SELinux A SANS paper by Susan Rajnic.
Papers on access control models ( MAC, RBAC, DAC )
- Mandatory Access Control: Silver Bullet or Kafkaesque Nightmare? Part1 of an article on ITWorld.com by Jamie Reid. Part2 is here.
- An Introduction to Role-Based Access Control Interesting paper from NIST on RBAC. A bit old, but still good.
Papers on FLASK ( Flux Advanced Security Kernel )
FLASK is the precursor to SELinux, basically it formed a proof of concept whereas SELinux became a more acceptable practical application of the architecture.- Flask: Flux Advanced Security Kernel Stephen Smalley of NAI Labs describes the FLASK architecture.
SELinux Code and policy sources
- Russell Coker's SELinux archive Russell is one of the SELinux gurus out there. His archive contains up-to-date policy definitions and SELinux-aware applications. He also maintains the SELinux Debian packages.
- Tom Vogt's mirror of Russell's Debian packages. Based in Europe so probably has faster access. Includes APT packages.
SELinux HOWTOs, FAQs, and Technical Info for people actually using SELinux
- The Official NSA SELinux FAQ The Official FAQ from the NSA.
- The UnOfficial SELinux FAQ My UnOfficial FAQ.
- Installing SELinux on Fedora / RedHat A copy of the README from the SELinux userland package.
- Getting Started HOWTO A great HOWTO on getting started with the new (2.6 kernel) SELinux on Debian, by Faye Coker.
- Writing SE Linux Policy HOWTO Another good HOWTO from Faye Coker on writing SELinux policies. ( PDF version ).
- Configuring the SELinux policy The definitive document on writing SELinux policies.
- Confining the Apache Web Server with Security-Enhanced Linux A great article from MITRE on using SELinux policies to protect Apache web servers.
- Tresys Technology SELinux papers Tresys have a number of useful and practical papers on configuring SELinux policy definitions. Definitely worth a read if you are planning on writing policy files.
- Fedora Core 2 test2 SELinux FAQ A short FAQ from the Fedora Core development team.
Additional tools for SELinux
- Tresys SELinux tools Tresys have developed a number of tools to assist in managing policy files.
Test Systems
There's a couple of test systems available on the Internet which allow you to log in as root ( yes, that's log in as root ) and test its capabilities. Be gentle.- Fedora Russell Coker's Fedora demo machine
- Gentoo a demo machine from the Hardened Gentoo Team
- Debian Ed Street's Debian demo machine
Other stuff
- An article on Russell Coker Russell is one of the leading developers of SELinux.
