TypeOnline Course


Audience & Prerequisites

Course Outline

Schedule & Fees


SELinux Training

SELinux, or Security-Enhanced Linux, is a part of the Linux security kernel that acts as a protective agent on servers. In the Linux kernel, SELinux relies on mandatory access controls (MAC) that restrict users to rules and policies set by the system administrator. MAC is a higher level of access control than the standard discretionary access control (DAC), and prevents security breaches in the system by only processing necessary files that the administrator pre-approves. SELinux acts under the least-privilege model. SELinux only grants access if the administrator writes a specific policy to do so.

Intended Audience

This course will significantly benefit for system administrators & also linux admin.


Candidates should have 5-6 years of working experience of Linux Admin.

Course Outline                                                  Duration: 04 Days

Day 1

  • Boot Options for SELinux
  • Enabling user home directories – SELinux Settings for User Home Directories
  • Targeted Policy Protected Services – Default list of SELinux Protected Services
  • Identifying and Toggling Protected Services –Working Booleans
  • File Context for Special Directory Trees – Setting Persistent SELinux Contexts on Directory Tries.
  • Troubleshooting
    • Identify the Problem
    • avc: denied Messages, understanding with Examples
    • setroubleshootd – The System Deamon and its use
    • SELinux Logging
    • Understanding and Troubleshooting the Targeted Policy
  • Packaging and deployment of SELinux policy on target
    • Device based restrictions. E.g hardware, ports etc

Lab 1 – Using fixfiles Script

Lab 2 – Setting mount contexts

Day 2

  • SELinux Policies
    • Policy Overview
    • Policy Organization
    • Installing the source RPM and preparing the build area
    • Build the base policy package
    • Compiling the Monolithic Policy
    • Loading the Monolithic Policy
    • Compiling Policy Modules
    • Loading Policy Modules
    • Policy Type-Enforcement Module Syntax
    • Policy Type-Enforcement Module Example
  • semodule
  • Introduction to Object Classes

Lab 3. Understanding policies

Lab 4. Exploring CGI scripts

Lab 5. Modifying an existing policy

  • Policy Utilities: seaudit, seaudit_report, checkpolicy, sesearch, sestatus, audit2allow, audit2why, sealer, avcstat, seinfo and semanage

Lab 6. Exploring Utilities

Day 3

  • User and Role Security
    • Role-based Access Control
    • Multi Category Security – MCS
    • Multi Category Security: translation and login
    • The chcat – change file security category
  • Defining a SecurityAdministrator: sudo,chcat and root
  • Multi-Level Security – MLS
  • The strict Policy
  • General Identification
  • User Identification:system_u, users_u and root, Declaring Users
  • Role Identification: Declaring Roles, Roles in use in Transitions, Role Dominance
  • Domain Transition
  • Polyinstantiation of Directories
  • Policy Macros
  • Types : Enforcement, Attributes, Aliases and Transitions for Objects
  • restorecond
  • Customizable Types
  • File Contexts
  • Manipulating Policies
  • Access Vector
  • SELinux logs
  • Security Identifiers-SIDs
  • Statements: fs_use_* and genfscon
  • Context on network objects
  • Booleans: Creating and using new booleans
  • Examples: allow, auditallow,neverallow,dontaudit, can_exec
  • Enableaudit

Lab 7. Implementing User and Role Based Policy Restrictions, MCS and strict policy

Lab 8. Building Policies: Checking the current policy, Using sesearch to list the rules in a policy, audit2allow, type and typealias,  type_transition, Using semanage and restorecond

Day 4

  • Lab 9. Manipulating Policies
    • Restricting Access to ISO images
    • Making Squid listen to a non-standard port
    • Protecting a new script
  • Lab 10. Editing Policy:
    • Multi-domain File Contexts
    • Allowing httpd access to non-standard ports and exploring allow_ypbind
    • Boot problem
    • New file context for script.py
    • Customizable Types
  • Project
    • Best practices
    • Overview of Changes
    • Task 1. Create File Contexts, Create File Types, Create File Typealiases
    • Task 2. Edit or Create Network Contexts
    • Task 3. Domains – Create Domains :Macros, Building and Enhancing

Course Duration: 04 Days

Please write to us at [email protected] & contact us at +91-9870480053 for the course price & certification cost, schedule & location

Drop Us a Query


For more info kindly Contact Us.

SELinux training courses and certification gurgaon gurugram haryana SELinux training institutes in gurgaon SELinux training and certification SELinux training in delhi SELinux  pmp training SELinux  certification fees SELinux training with exam mercury solutions SELinux training SELinux certification cost SELinux certification path SELinux certification online SELinux certification salary SELinux certification cost in india 2019 who should do SELinux certification SELinux certification quora SELinux certification cost in india 2018 SELinux  certification SELinux training gurgaon SELinux  certification cost SELinux  full form SELinux certification india SELinux certification online SELinux certification training SELinux certification pune SELinux certification in delhi