Monday, January 11, 2010

9.11 The Road Ahead
















Having completed this chapter, you know quite a bit about SELinux and
typical SELinux policies. If you're content to run
only relatively popular applications and prefer to rely on others for
assistance in troubleshooting and fixing the occasional problems that
you're likely to run into when using SELinux,
you'll know pretty much all you need to know.





But typical Linux users are seldom so complacent. Those that desire
even greater control over their computing affairs have merely begun
to learn what they need to know about SELinux. This book has covered
the fundamentals. But the SELinux policy is a sophisticated software
unit whose mastery demands significant study and experimentation.
Moreover, SELinux is still a relatively new software product and is
constantly undergoing change. So in working with SELinux, you should
anticipate that you will encounter many interesting puzzles and
challenges. If you resemble the typical Linux user,
you'll enjoy tackling and overcoming these. You
should also anticipate that your growing SELinux expertise will
enable you to better secure your systems and applications, which
should help you, and your management, sleep more soundly.





SELinux and the SELinux sample policy are powerful tools for securing
systems. But like other security tools, their proper installation and
ongoing use demand significant expertise. From this book, you can
learn how SELinux works and the syntax and semantics of the SELinux
policy language. But mastery of SELinux demands thorough
understanding of the policy domains associated with principal
programs and applications installed on your systems. And since
SELinux and its policies are regularly updated and improved,
understanding arises only from an ongoing process of study and
learning.





Here are some tips for developing a progressively greater
understanding of SELinux:





  • Maintain at least one system dedicated for testing new and revised
    SELinux policies and releases.
  • Begin a study of the TE files associated with important programs and
    applications.
  • Regularly review postings to relevant e-mail lists such as
    fedora-selinux-list@redhat.com and
    SELinux@tycho.nsa.gov.
  • Experiment by creating new policies and observing the results.



May all your policies build correctly the first time and authorize
neither too few nor too many permissions!


















