zaterdag 27 juni 2009

SELinux screencasts

Here are some screen cast where i demonstrate some of the things that were discussed in the SELinux Lockdown series.

1. Create custom SELinux users.

Here i create a new SELinux User called new_u and map the staff_r, system_r and unconfined roles to this user. This SELinux User also has also has access to all available MCS categories.

Linux user joe is mapped to the new_u SELinux user. Default contexts for new_u SELinux were copied from those of staff_u since new_u is based of off staff_u with minor modifications (access to unconfined_r instead of sysadm_r)

Sudo is also set up to allow joe root access and to automatically Domain Transition to unconfined_t User Domain.

http://www.youtube.com/watch?v=NmkQqNq0DJE



2. Quick demonstration of PAM SEPermit.

http://www.youtube.com/watch?v=-0qge9vtPjg



3. Quick demonstration of unconfined_login boolean.

http://www.youtube.com/watch?v=Ky3jm5n4f8M



4. How to extend staff_t User Domain to allow listing of /var (part1)

http://www.youtube.com/watch?v=0gaxh0lZ4MU



4.1 How to extend staff_t User Domain to allow listing of /var (part2)

http://www.youtube.com/watch?v=Rnrca8khz1w



5. Create a new unprivileged (secondary) User Domain.

http://www.youtube.com/watch?v=bDFTiZOteiA



6. The newrole command is useful for unprivileged User Domain transitions.

http://www.youtube.com/watch?v=9N0WsncDrfY



7. Demonstration of how to create a Application Domain to achieve listing of /var for staff_t (part1)

http://www.youtube.com/watch?v=c06sjcC9CNs



7.1 Demonstration of how to create a Application Domain to achieve listing of /var for staff_t (part2)

http://www.youtube.com/watch?v=U2GDBor1BsQ



7.2 Demonstration of how to create a Application Domain to achieve listing of /var for staff_t (part3)

http://www.youtube.com/watch?v=riXisTFPEzo



Looks like the last episode turned out a bit too long for YouTube. Heres a trimmed down version:

http://www.youtube.com/watch?v=9UJUxqf3NkY



Excuse my bad english and funny dialect :)

Geen opmerkingen:

Een reactie plaatsen