買這商品的人也買了...
-
Perl 學習手冊 (Learning Perl, 3/e)$580$458 -
Visual C#.NET 程式設計經典$650$514 -
作業系統概念 (Operating System Concepts, 6/e Windows XP Update)$780$741 -
用實例學 ASP.NET:使用 VB.NET 與 ADO.NET(2003修訂版)$620$490 -
C# Primer Plus 中文版 (C# Primer Plus)$680$537 -
鳥哥的 Linux 私房菜─基礎學習篇增訂版$560$476 -
SCJP‧SCJD 專業認證指南 (Sun Certified Programmer & Developer for Java 2 #310-305 與310-027)$850$723 -
Compilers: Principles, Techniques, and Tools (平裝) (美國版ISBN:0201100886)$980$399 -
人月神話:軟體專案管理之道 (20 週年紀念版)(The Mythical Man-Month: Essays on Software Engineering, Anniversary Edition, 2/e)$480$379 -
JSP 2.0 技術手冊$750$593 -
CCNA 認證教戰手冊 Exam 640-801 (CCNA Cisco Certified Network Associate Study Guide, 4/e)$780$616 -
最新 JavaScript 完整語法參考辭典 第三版$490$382 -
AutoCAD 2004 & 2005 實力養成暨評量$350$277 -
Linux 指令詳解辭典$650$514 -
PHP 網頁模組隨學隨用
$480$379 -
ASP.NET 徹底研究進階技巧─高階技巧與控制項實作$650$507 -
UML 精華第三版 : 標準物件模型語言 (UML Distilled, 3/e)$460$363 -
軟體測試理論與實作$520$406 -
Linux Kernel 完全剖析$750$585 -
$199ZigBee 技術開發 — Z-Stack 協議棧原理及應用 -
$1,248Pandas for Everyone: Python Data Analysis (Addison-Wesley Data & Analytics Series) -
$356Python 絕技 : 運用 Python 成為頂級數據工程師 -
Python 數據可視化之 matplotlib 實踐$354$336 -
一直學不會 Tensorflow? PyTorch 更好用更強大更易懂!$540$459 -
Hands-On Data Visualization with Bokeh: Interactive web plotting for Python using Bokeh$1,050$998
商品描述
Description:
The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source.
SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.
The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:
- A readable and concrete explanation of SELinux concepts and the SELinux security model
- Installation instructions for numerous distributions
- Basic system and user administration
- A detailed dissection of the SELinux policy language
- Examples and guidelines for altering and adding policies
With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.
Table of Contents:
Preface
1. Introducing SELinux
Software Threats and the Internet
SELinux Features
Applications of SELinux
SELinux History
Web and FTP Sites
2. Overview of the SELinux Security Model
Subjects and Objects
Security Contexts
Transient and Persistent Objects
Access Decisions
Transition Decisions
SELinux Architecture
3. Installing and Initially Configuring SELinux
SELinux Versions
Installing SELinux
Linux Distributions Supporting SELinux
Installation Overview
Installing SELinux from Binary or Source Packages
Installing from Source
4. Using and Administering SELinux
System Modes and SELinux Tuning
Controlling SELinux
Routine SELinux System Use and Administration
Monitoring SELinux
Troubleshooting SELinux
5. SELinux Policy and Policy Language Overview
The SELinux Policy
Two Forms of an SELinux Policy
Anatomy of a Simple SELinux Policy Domain
SELinux Policy Structure
6. Role-Based Access Control
The SELinux Role-Based Access Control Model
Railroad Diagrams
SELinux Policy Syntax
User Declarations
Role-Based Access Control Declarations
7. Type Enforcement
The SELinux Type-Enforcement Model
Review of SELinux Policy Syntax
Type-Enforcement Declarations
Examining a Sample Policy
8. Ancillary Policy Statements
Constraint Declarations
Other Context-Related Declarations
Flask-Related Declarations
9. Customizing SELinux Policies
The SELinux Policy Source Tree
On the Topics of Difficulty and Discretion
Using the SELinux Makefile
Creating an SELinux User
Customizing Roles
Adding Permissions
Allowing a User Access to an Existing Domain
Creating a New Domain
Using Audit2allow
Policy Management Tools
The Road Ahead
A. Security Object Classes
B. SELinux Operations
C. SELinux Macros Defined in src/policy/macros
D. SELinux General Types
E. SELinux Type Attributes
Index
商品描述(中文翻譯)
描述:
對於更安全的操作系統的密集搜尋,常常使日常的生產電腦遠遠落後於它們的實驗性研究同類。現在,SELinux(安全增強Linux)徹底改變了這一點。這個最知名且最受尊敬的Linux安全擴展體現了安全領域的關鍵進展。更好的是,SELinux在廣泛且受歡迎的Linux操作系統發行版中可用,包括Debian、Fedora、Gentoo、Red Hat Enterprise Linux和SUSE,所有這些都是免費且開源的。
SELinux源於國家安全局的研究,實施了經典的強安全措施,如基於角色的訪問控制、強制訪問控制,以及遵循最小特權原則的細粒度轉換和特權提升。它通過隔離應用程序來彌補不可避免的緩衝區溢出和其他弱點,防止一個應用程序中的缺陷擴散到其他應用程序。當前造成最多網絡損害的情境——當某人通過本地網絡應用程序(如Web伺服器)中的漏洞獲得電腦的立足點,並將該立足點轉化為對計算機系統的廣泛控制——在適當管理的SELinux系統上是可以防止的。
當然,關鍵在於“適當管理”這幾個字。SELinux的系統管理員需要廣泛的知識,例如系統背後的原則、如何為不同用戶組分配不同的特權、如何更改政策以適應新軟件,以及如何記錄和跟踪正在發生的事情。這就是SELinux無價之處。作者Bill McCarty是一位安全顧問,曾向多個政府機構進行簡報,他將自己對SELinux的深入研究融入這本小而信息豐富的書中。主題包括:
- SELinux概念和SELinux安全模型的可讀且具體的解釋
- 多個發行版的安裝說明
- 基本系統和用戶管理
- SELinux政策語言的詳細剖析
- 修改和添加政策的示例和指導
有了SELinux,高安全性的計算機對任何系統管理員來說都觸手可及。如果您想要一種有效的方式來保護您的Linux系統——誰不想呢?——這本書提供了所需的手段。
目錄:
前言
1. 介紹SELinux
- 軟體威脅與互聯網
- SELinux特性
- SELinux的應用
- SELinux歷史
- 網頁和FTP網站
2. SELinux安全模型概述
- 主體和對象
- 安全上下文
- 短暫和持久對象
- 訪問決策
- 轉換決策
- SELinux架構
3. 安裝和初始配置SELinux
- SELinux版本
- 安裝SELinux
- 支持SELinux的Linux發行版
- 安裝概述
- 從二進制或源包安裝SELinux
- 從源碼安裝
4. 使用和管理SELinux
- 系統模式和SELinux調整
- 控制SELinux
- 常規SELinux系統使用和管理
- 監控SELinux
- 故障排除SELinux
5. SELinux政策和政策語言概述
- SELinux政策
- SELinux政策的兩種形式
- 簡單SELinux政策域的結構
- SELinux政策結構
6. 基於角色的訪問控制
- SELinux基於角色的訪問控制模型
- 鐵路圖
- SELinux政策語法
- 用戶聲明
- 基於角色的訪問控制聲明
7. 類型強制
- SELinux類型強制模型
- SELinux政策語法回顧
- 類型強制聲明
- 檢查示例政策
8. 附屬政策聲明
- 約束聲明
- 其他上下文相關聲明
- Flask相關聲明
9. 自定義SELinux政策
- SELinux政策源樹
- 關於難度和裁量的主題
- 使用SELinux Makefile
- 創建SELinux用戶
- 自定義角色
- 添加權限
- 允許用戶訪問現有域
- 創建新域
- 使用Audit2allow
- 政策管理工具
- 未來的路
A. 安全對象類別
B. SELinux操作
C. 在src/policy/macros中定義的SELinux宏
D. SELinux一般類型
E. SELinux類型屬性
索引
