Rootconf Miniconf

DevOps war stories in e-commerce

Harness Security Enhanced Linux for a Truly Hardened Server

Submitted by REJY M CYRIAC (@rejy) on Friday, 31 October 2014

videocam_off

Technical level

Intermediate

Section

Workshops

Status

Confirmed & Scheduled

View proposal in schedule

Vote on this proposal

Login to vote

Total votes:  +1

Objective

Learn, explore and experience the security provided by Security Enhanced Linux (SELinux), to get set on the path of SELinux Enlightenment, and improve server security.

Description

Security Enhanced Linux (SELinux) provides tremendous power to tighten process security on Linux systems. By not optimising, or worse, by not enabling SELinux, Linux server hardening would remain incomplete, and the Linux servers may be vulnerable to process hijacks/exploits.

The first step to set this right is to understand the fundamentals of SELinux, and to have a hands-on learning experience in fine tuning the available rules and parameters. This would remove the barriers of fear in using SELinux, and provide the confidence to proceed to making use of SELinux, on development to production Linux servers, for widely used services. And then progressively, with the enhanced knowledge of experience, it would be easier to further progress to the advanced usage of SELinux, for securing customised services as well.

This workshop on SELinux is targeted to help System Administrators and DevOps Engineers to get started on the path, and provide hands-on experience in the initial steps along the path. The workshop will utilise interactive lecture, live demonstration, and direct participant hands-on models of learning.

Requirements

Fedora20/RHEL6/CentOS6 System/VirtualMachine with the following packages installed

setroubleshoot
setroubleshoot-server
setroubleshoot-plugins
policycoreutils
policycoreutils-python
policycoreutils-gui
setools
setools-gui
setools-console

Note:
Live DVD images of the Fedora20 will be made available, which may be used to boot up a Virtual Machine on the system.
If a Virtual Machine is intended to be used, please make sure that the virtualization environment on the system is prepared beforehand.
A few Live DVDs and Live USBs of Fedora20 will also be available, to be used to boot the laptop into Fedora20, if desired.
A repository of the required packages and their dependencies will also be available.

Speaker bio

Working in Engineering at Red Hat, Bangalore
User and Evangelist of SELinux for over 8 years
Have trained and assisted SysAdmins/DevOps to use SELinux on servers
Passionate about Open Source

Red Hat Certified Architect
Red Hat Certified Data Center Specialist
Red Hat Certified Security Specialist

Links

Comments

Login with Twitter or Google to leave a comment