se linux for everyday sysadmins
DESCRIPTION
Palestra realizada 10° Fórum Internacional Software Livre(http://fisl.softwarelivre.org/10/papers/pub/programacao?print=1)TRANSCRIPT
![Page 1: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/1.jpg)
SELinux forEveryday SysAdmins
Jeronimo Zucco [email protected]
Ulisses [email protected]
10º Forum Internacional de Software Livre – FISL 2009
![Page 2: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/2.jpg)
Quem Somos ?
● Jeronimo Zucco: Bacharel em Ciência da Computação e Pós-Graduado em Gerência e Segurança de Redes. 11 anos de experiência com GNU/Linux.
● Ulisses Castro: Consultor, Instrutor e Pentester com ênfase em Software Livre, Hardening em Sistemas Operacionais e Banco de Dados, Mantenedor Debian (selinux-basics), OWASP: ASDR, Top Ten, CEH (Certified Ethical Hacker), LPIC-2, Desenvolvedor Python
![Page 3: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/3.jpg)
Incidentes de Segurança
![Page 4: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/4.jpg)
![Page 5: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/5.jpg)
![Page 6: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/6.jpg)
![Page 7: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/7.jpg)
Contextos de Segurança
● ls -Z-rw-r--r--. root root system_u:object_r:net_conf_t:s0 /etc/resolv.conf
drwxr-xr-x. jczucco jczucco unconfined_u:object_r:user_home_t:s0 Documents
![Page 8: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/8.jpg)
Firefox poderia ler a chave privada?
ronaldo 5949 3.6 12.8 130792 32188 ? Sl23:43 0:06 firefox-bin
-rw------- 1 ronaldo admins 1671 Aug 11 23:48 id_rsa
![Page 9: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/9.jpg)
DAC x MAC
![Page 10: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/10.jpg)
![Page 11: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/11.jpg)
Security-Enhanced Linux
![Page 12: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/12.jpg)
![Page 13: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/13.jpg)
SELinux - Arquitetura
![Page 14: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/14.jpg)
SELinux - Elementos
![Page 15: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/15.jpg)
Usabilidade
“...life is too short for SELinux.” (Theodore Ts’o)”
![Page 16: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/16.jpg)
SELinux – Política Targeted
![Page 17: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/17.jpg)
SELinux Management
![Page 18: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/18.jpg)
SeTroubleshoot
![Page 19: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/19.jpg)
SELinux: Possibilidades de Uso● Labeled networking● Quiosque● Svirt● Sandbox● RBAC● Android● Sepgsql
● MLS● MCS● mod_selinux
![Page 20: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/20.jpg)
man -k selinux
![Page 21: SE Linux For Everyday SysAdmins](https://reader034.vdocuments.mx/reader034/viewer/2022052504/549c0d76ac7959ec2a8b4624/html5/thumbnails/21.jpg)
demo