SELinux System Administration
Second Edition
Ward off traditional security permissions and effectively
secure your Linux systems with SELinux
Sven Vermeulen
BIRMINGHAM - MUMBAI
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or
transmitted in any form or by any means, without the prior written permission of the
publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the
information presented. However, the information contained in this book is sold without
warranty, either express or implied. Neither the author, nor Packt Publishing, and its
dealers and distributors will be held liable for any damages caused or alleged to be caused
directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2013
Second edition: December 2016
Production reference: 1131216
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78712-695-4
www.packtpub.com
Credits
Author
Sven Vermeulen
Copy Editor
Madhusudan Uchil
Reviewers
David Quigley
Sam Wilson
Project Coordinator
Judie Jose
Commissioning Editor
Kartikey Pandey
Proofreader
Safis Editing
Acquisition Editor
Namrata Patil
Indexer
Pratik Shirodkar
Content Development Editor
Amedh Gemraram Pohad
Graphics
Kirk D'Penha
Technical Editors
Vishal Kamal Mewada
Khushbu Sutar
Production Coordinator
Shantanu N. Zagade
About the Author
Sven Vermeulen is a long-term contributor to various free software projects and the author
of various online guides and resources. He got his first taste of free software in 1997 and
never looked back. In 2003, he joined the ranks of the Gentoo Linux project as a
documentation developer and has since worked in several roles, including Gentoo
Foundation trustee, council member, project lead for various documentation initiatives, and
(his current role) project lead for Gentoo Hardened SELinux integration and the system
integrity project.
During this time, Sven gained expertise in several technologies, ranging from OS-level
knowledge to application servers. He used his interest in security to guide his projects
further in the areas of security guides using SCAP languages, mandatory access controls
through SELinux, authentication with PAM, (application) firewalling, and more.
Within SELinux, Sven contributed several policies to the Reference Policy project, and he is
an active participant in policy development and user space development projects.
In his daily job, Sven is an IT architect in a European financial institution as well as a
self-employed solution engineer and consultant. The secure implementation of infrastructures
(and the surrounding architectural integration) is, of course, an important part of this. Prior
to this, he graduated with an MSc in computer engineering from Ghent University and MSc
in ICT enterprise architecture from http://inno.com/, and he worked as a web application
infrastructure engineer.
Sven is the main author of the Gentoo Handbook, which covers the installation and
configuration of Gentoo Linux on several architectures. He also authored the Linux Sea
online publication, which is a basic introduction to Linux for novice system administrators,
and SELinux System Administration and SELinux Cookbook for Packt Publishing.
I would like to thank the open source / free software community for its never-ending drive
to create great software, documentation, artwork and services. It is through this drive that
companies and organizations around the world are enjoying high-quality services with all
the freedom that this software provides. Specifically, I would like to thank the Gentoo
community as it provides a great meta-distribution and operating system. The people I
meet there are all greatly motivated, highly experienced and/or experts in particular fields.
Being around in the community makes me eager to learn more.