Selinux: NSA's Open Source Security Enhanced Linux

This book is a great introduction to the topic of SELinux because of the information on its developmental background and lucid description of the objectives, advantages and maintenance of a SELinux system. I would recommend this book to someone who has a firm grasp of basic security concepts and programming principles and is interested in getting exposure to the security enhanced model of Linux.

So what makes Selinux more secure than standard Linux? Primarily it is the implementation of role-based access control, sandboxing, and an audit facility that allows the system to log any attempts to exceed specified permissions. It does all this without conflicting with the normal permissions of Linux. If you are able to access a file through normal discretionary access control then the role-based mandatory access control provides additional security to determine if you can run the file or not. The only way to open a file is if both systems agree that you should be able to open it. The author covers installation, configuration, administering, and setting up a security policy. The presentation of SeLinux is straightforward and the security model is presented in a writing style that makes it clear and understandable to the reader. SeLinux: NSA's Open Source Security Enhanced Linux is highly recommended as both a Linux security solution and an excellent book on how to utilize all the resources of SeLinux.

Bill McCarty's book is all of the above and the requirements have been met for a throughly enjoyable read. You don't have to be a Linux geek to appreciate the security mechanisms that Information Assurance Directorate of the NSA and the myriad of contributors have helped to create. These go way beyond IT systems decisions and at their base level represent good business management practice. The days of using insecure, bloated operating systems to power your business are over. In this age of real competitive and even terroristic threats affecting your companies data, you owe it to your self to investigate the security mechanisms put forth in this book and give your business the competitive edge.

Bill McCarty has done a top notch job of explaining Security Enhanced Linux as well as the security model itself. I've attempted so many time to "get it" about SELinux and not until I read this book did it make sense. Bill's organization of the material makes a huge difference. He breaks the subject down into easily understandable chunks. The reader can follow the simple road until everything makes sense. And, SE Linux does make sense. It should be implemented everywhere. Another thing compelled me to get this book -- it's size. This is a relatively small book. I remember thinking that I could read it without spending two weeks in a study mode. I was right about that. I read it in quick order. I especially like O'Reilly books. I aslo like Bill's editor, Andy Oram. With the two of them collaborating, you're going to get an interesting book, topics that flow well and a professional product worth much more than the list price. I'm glad I found this book. I want to congratulate all parties involved for creating an excellent product. I also want to say thank you for enabling me to work with Security Enhanced Linux.

This book is a must read for beginners exploring the powers of SELinux and trying to setup a custom system. it has all the information needed to give a basic grounding of how everything is organised and how security is incorporqated into the kernel. it deals with the structural as well as the functional organization of the various components involved. although not exhaustive in examples there is a considerable number of'em on which one can work out his own specific interest.