Review: SELinux by Example
Source: Ryan W. Maple - Posted by Ryan W. Maple   
If you use Linux then you've most probably at least heard of Security-Enhanced Linux (SELinux). In this feature story Ryan W. Maple gives a review and his opinion of the latest and greatest book to cover SELinux: SELinux by Example: Using Security Enhanced Linux. Read on for Ryan's review.

Ryan W. Maple
Date: October 16, 2006


Title: SELinux by Example: Using Security Enhanced Linux
Authors: Frank Mayer, Karl MacMillan, David Caplan
Pages: 425
ISBN: 0-13-196369-4
Publisher: Prentice Hall PTR
Edition: 1st edition (July 27, 2006)
Purchase: Amazon


"SELinux by Example" is a hands-on book aimed at anybody interested in Security-Enhanced Linux (SELinux). Whether you want to learn how to write SELinux policy or administer a machine running SELinux, you will find tremendous value in this book. Each chapter conveniently wraps up with a bullet-point summary of the material that was covered and some exercises that do an excellent job of driving the points home, giving this book its "hands-on" feel.


The book is written by Frank Mayer (the co-founder and CTO of Tresys Technology), David Caplan (a senior security engineer with Tresys), and Karl MacMillan (a very active contributor to the SELinux community), three of the most qualified people to write a book on this complicated subject. It consists of 14 chapters and four appendices, grouped into three main parts: SELinux Overview, SELinux Policy Language, and Creating and Writing SELinux Security Policies.

Part I, "SELinux Overview," is a three-chapter introduction to SELinux. People who are not familiar with SELinux receive a very thorough overview of the history and concepts behind SELinux, while those who are familiar with SELinux get a nice refresher. The first chapter discusses the evolution of operating system access controls from the reference monitor concept, to discretionary access controls, all the way to SELinux. The second chapter introduces the reader to the basic SELinux concepts: Security Contexts, Type Enforcement, Domain Transitions, Roles, and Multilevel Security (MLS). The third and final chapter of this part discusses the SELinux architecture: the LSM (Linux Security Module) framework, user-space policy servers, the SELinux policy language, and monolithic and modular policies.

Part II, "SELinux Policy Language," is a comprehensive reference to the SELinux policy language and devotes a complete chapter to each of the high-level policy constructs, such as Object Classes and Permissions, Type Enforcement, Roles and Users, Constraints, and Multilevel Security. The final two chapters of this part wrap up the discussion of the SELinux policy language by covering conditional policies and object labeling.

Part III, "Creating and Writing SELinux Security Policies," brings it all together. The first two chapters of this section discuss the original example policy and the more recent Reference Policy. The book does a good job covering the policy structure (i.e., where the various policy files are) and highlighting the differences between these two policies. The next chapter is intended for system administrators who maintain machines running SELinux and focuses on the impact that SELinux will have on their day-to-day lives. Finally, the last chapter of this section gives the reader a step-by-step introduction to writing new policy modules.


This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you. This book and an SELinux-enabled Linux distribution, such as the easy-to-use EnGarde Secure Linux, are all you need to get involved in the growing world of Security Enhanced Linux.

Reviewed by: Ryan W. Maple

Nice review
Written by dave on 2006-10-16 12:04:05
Sounds like a great book. Very helpful review, Ryan.

Is there other book about SELinux subjec
Written by Neo on 2007-05-30 17:08:45
I have this book, but I want a book that shows me examples about SELinux Policy: How I build a policy step by step.

good
Written by done on 2008-04-19 14:56:22
I agree with you.
