Book review: SELinux by Example: Using Security Enhanced Linux <i>by Frank Mayer, Karl MacMillan and David Caplan</i>

Book review: SELinux by Example: Using Security Enhanced Linux by Frank Mayer, Karl MacMillan and David Caplan


Security is one of the important reasons GNU/Linux is chosen over MS Windows. Many folks will claim that GNU/Linux just isn’t targeted as often. Could be—but it could also be that it isn’t targeted as often due to its design. SELinux takes this concept one step further. Not just satisfied with the inherent security, SELinux has been developed by a team of concerned professionals and is now included by default in the 2.6 kernel. Yes, you may have SELinux already and didn’t even know it.

The authors are all involved with SELinux and have contributed much to it. Frank Mayer chairs the SELinux Symposium and has published many papers on secure operating systems. He is also the CTO of Tresys Technology. Karl MacMillan has lead development efforts for many of SELinux’s features. He has also had many papers published. David Caplan has been active in figuring out SELinux policies for many different systems.

The book’s coverThe book’s cover

This topic is probably not one you’ll spend the weekend reading about. For me, this would be a book to use at work to show management just how serious GNU/Linux can be about security. Fortunately, the authors do not expect their readers to go through the book “cover-to-cover” and they provide guidance on how to get the best use from the detailed material. Don't ignore this advice or you will find yourself dragging your feet a little after the first few chapters. This is a technical book, not a novel. But in this proper context, it is a book you may need.

If you are serious about security, you should have this book

The contents

There is a lot of information packed into these 456 pages. Not very many screenshots, but that wouldn’t really be appropriate anyway. Most of the examples are text files and they are displayed quite clearly. The command line instructions typically include the results you should expect from execution. This is as helpful as the instructions themselves and is done properly throughout the book. At seven by nine and a quarter inches, it will fit in just fine with your other technical books. Somehow the bright white cover ties in with security and just seems “clean”. A minor detail, but no accident I’m sure.

Who’s this book for?

If you are looking to take advantage of the security enhancements made available by SELinux, you should have this book. If you are going to be responsible for managing and writing SELinux policy, you should have this book.

Relevance to free software

Security is where free software can shine. While some will argue over a distributions GUI or argue over how software packages are installed and updated, you don’t hear many people arguing over security policies. With this book backing you up, you will be ready to take the argument to a level of detail that few are prepared for. But keep the discussions between professionals, nobody gets points for bashing the newbies.

The book and its examples are based on Redhat’s Fedora Core 4 (FC4). This is the environment used by the SELinux community and was the first distribution to fully support SELinux. Gentoo and Debian are additional distributions mentioned specifically as supporting SELinux as well.

Take security to a level of detail most folks will never go to

Pros

The authors are professionals. They are all seriously involved with SELinux and know their subject matter. Security is something you should really do right the first time. This book will show you details on how to make it happen.

Cons

Even for a technical book, this one struck me as a little dry. But don’t forget, I’m just one guy sitting at one PC. For somebody who’s job depended on keeping the network secure—this will probably end up being a favorite.
Title SELinux by Example
Author Frank Mayer, Karl MacMillan, David Caplan
Publisher Prentice Hall
ISBN 0131963694
Year 2006
Pages 456
CD included No
FS Oriented 10
Over all score 8

In short

Category: 
Reviews
Tagging: 
gnu/linux
book review
selinux
License: 
CC-BY

Author information

Brian Turner's picture

Biography

After 18 years supporting communication networks, satellite and microwave, I've discovered some fun on the PC again. GNU/Linux, Mac OS X and MS Windows all have their uses, but GNU/Linux is where the fun is at.

Most forwarded

Interview with Dave Mohyla, of DTIDATA

Dave Mohyla is the president and founder of dtidata.com, a hard drive recovery facility based in Tampa, Florida.

TM: Where are you based? What does your company do?
DTI Data recovery is based in South Pasadena, Florida which is a suburb of Tampa. We have been here for over 10 years. We operate a bio-metrically secured class 100 clean room where we perform hard drive recovery on all types of hard disks, from laptop hard drives to multi drive RAID systems.

Anybody up to writing good directory software?

Since the very beginning, directories (of any kind) have had a very central role in the internet. (I have recently grown fond of Free Web Directory. Even Slashdot can be considered a directory: a collection of great news and invaluable user-generated comments. As far as software is concerned, doing a quick search on Google about software directories will return the free (as in freedom) software directories like Savannah, SourceForge, Freshmeat and so on, followed by shareware and freeware sites such as FileBuzz, PCWin Download Center and All Freeware (great if you're looking for shareware and freeware, but definitely less comprehensive than their free-as-in-freedom counterparts).

Interview with Mark Shuttleworth

Mark Shuttleworth is the founder of Thawte, the first Certification Authority to sell public SSL certificates. After selling Thawte to Verisign, Mark moved on to training as an astronaut in Russia and visiting space. Once he got back he founded Ubuntu, the leading GNU/Linux distribution. He agreed on releasing a quick interview to Free Software Magazine.

Is better education the key to finding better software?

I read David Jonathon's article Anybody Up To Writing Good Directory Software? the other day, which got me thinking about software directories in general. As David mentioned, many of the software directories one finds when doing a quick google search are free as in beer, not as in freedom. But what interests me is the software directories that already exist, providing a combination of both free as in beer software, and open source software. Sites such as Freeware Downloads and Shareware Download don't advertise themselves as providing free as in liberty software, but each of them have a good selection of open source software available... if you know where to look.

Most emailed

Free Open Document label templates

If you’ve ever spent hours at work doing mailings, cursed your printer for printing outside the lines on your labels, or moaned “There has got to be a better way to do this,” here’s the solution you’ve been looking for. Working smarter, not harder! Worldlabel.com, a manufacture of labels offers Open Office / Libre Office labels templates for downloading in ODF format which will save you time, effort, and (if you want) make really cool-looking labels

Creating a user-centric site in Drupal

A little while ago, while talking in the #drupal mailing list, I showed my latest creation to one of the core developers there. His reaction was "Wow, I am always surprised what people use Drupal for". His surprise is somehow justified: I did create a site for a bunch of entertainers in Perth, a company set to use Drupal to take over the world with Entertainers.Biz.

Update: since writing this article, I have updated the system so that the whole booking process happens online. I will update the article accordingly!

So, why, why do people and companies develop free software?

More and more people are discovering free software. Many people only do so after weeks, or even months, of using it. I wonder, for example, how many Firefox users actually know how free Firefox really is—many of them realise that you can get it for free, but find it hard to believe that anybody can modify it and even redistribute it legally.

When the discovery is made, the first instinct is to ask: why do they do it? Programming is hard work. Even though most (if not all) programmers are driven by their higher-than-normal IQs and their amazing passion for solving problems, it’s still hard to understand why so many of them would donate so much of their time to creating something that they can’t really show off to anybody but their colleagues or geek friends.

Sure, anybody can buy laptops, and just program. No need to get a full-on lab or spend thousands of dollars in equipment. But... is that the full story?

Fun articles

Santa Claus - the most successful open source project

It dawned on me the other day, as I was shopping for the dozens of gifts it seems I have to buy every December, that Santa Claus is the most successful open source project in history. (Bridget @ Illiterarty would agree with that). Santa Claus is essentially a marketing development that is embodied by everyone who stuffs a sock, gives a gift, hosts a dinner or wishes Merry Christmas over the holiday season.

Most emailed

Editorial

When I first started thinking about Free Software Magazine, I was feeling enthusiastic about the dream. I had Dave, Gianluca, and Alan willing to help me, I had established members of the free software community willing to help me out, I had writers volunteering their time and energy for free, and I had a generous offer from OpenHosting for servers, all before I'd proved myself. There was a sense of excitement in the air, and I thought maybe, just maybe, I could make this work.

Free Software Magazine uses Apollo project management software and CRM for its everyday activities!