Linux Security - SELinux and auditd (English)
Follow this course and learn SELinux concepts, configuration and troubleshooting, and how to monitor changes with Linux Audit Daemon and interpret audit logs.
With increased cyber threats, actively using SELinux is recommended and is often required by organizational security policies.
In this course, the basic concepts of SELinux are explained, and it discusses how SELinux can be correctly configured and used in standard daily practice. To be able to solve SELinux-related problems, the course also delves into investigating SELinux log information and teaches, through practical exercises, how to resolve issues.
In addition to active measures such as using SELinux, the detection of potentially malicious changes is becoming increasingly important. Changes to Linux and application configurations can be monitored using the Linux Audit Daemon auditd. The course focuses on how these changes can be recorded in Linux Audit Daemon log files through practical exercises and explains how this complex log information can be read and interpreted. Since SELinux also uses the Linux Audit Daemon, this course will help in better understanding detailed SELinux log information.
This course covers the following topics:
- SELinux - introduction.
- SELinux - alternatives.
- Use of the SELinux modes (Enforcing, Permissive, Disabled) and SELinux policy types (Targeted, Minimum and MLS/MCS).
- Daily use and management of SELinux.
- Updating the standard SELinux policy.
- SELinux troubleshooting.
- Usage of SELinux confined users.
- Linux Auditd - introduction.
- Use and interpretation of Auditd log files.
- Introduction to Auditd rule creation.
- Introduction to Auditd logging.
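As an illustration of the log interpretation the course covers (auditd records, and SELinux denials that land in the same audit log), here is an added example parser that is not part of the course material: it splits audit.log lines into fields, decodes the hex-encoded values auditd emits, groups records into events by serial number and joins each AVC denial with its SYSCALL and PROCTITLE records. The sample records are constructed for the example; the field names and record layout are those of the standard audit.log format.

```python
import re
from collections import defaultdict
# Constructed audit.log excerpt (not from the course): event 1234 is an AVC
# denial with its SYSCALL and PROCTITLE records; 1235 is an audit-rule change.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.123:1234): avc:  denied  { write } for  pid=2171 comm="httpd" name="index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.123:1234): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55d0c0 a2=241 a3=1b6 items=0 ppid=1 pid=2171 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key="web-writes"
type=PROCTITLE msg=audit(1700000000.123:1234): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=CONFIG_CHANGE msg=audit(1700000000.456:1235): auid=1000 ses=3 op=add_rule key="etc-changes" list=4 res=1
"""
HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{ ([^}]*) \} for\s+(.*)$')
HEX_FIELDS = {'proctitle', 'comm', 'exe', 'cwd', 'name', 'path', 'key'}  # auditd hex-encodes these (bare uppercase hex) when a value holds spaces or control chars

def decode_field(name, value):
    if value.startswith('"'):
        return value.strip('"')
    if name in HEX_FIELDS and len(value) % 2 == 0 and re.fullmatch(r'[0-9A-F]+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace').replace('\x00', ' ')
    return value

def parse_record(line):
    """One audit.log line -> dict with type, time, serial and key=value fields."""
    if not (m := HEADER.match(line)):
        return None
    rec = {'type': m.group(1), 'time': float(m.group(2)), 'serial': int(m.group(3))}
    body, avc = m.group(4), AVC.match(m.group(4))
    if avc:  # SELinux decision: result and permission set precede the fields
        rec['result'], rec['permissions'] = avc.group(1), avc.group(2).split()
        body = avc.group(3)
    rec.update({k: decode_field(k, v) for k, v in FIELD.findall(body)})
    return rec

def parse_events(text):  # auditd writes one event as several records sharing a serial
    events = defaultdict(list)
    for rec in filter(None, map(parse_record, text.splitlines())):
        events[rec['serial']].append(rec)
    return dict(events)

def denials(events):  # join each AVC denial with the SYSCALL/PROCTITLE records of its event
    out = []
    for recs in events.values():
        by_type = {r['type']: r for r in recs}
        avc = by_type.get('AVC', {})
        if avc.get('result') == 'denied':
            out.append({'source': avc['scontext'], 'target': avc['tcontext'], 'class': avc['tclass'],
                        'permissions': avc['permissions'], 'exe': by_type.get('SYSCALL', {}).get('exe'),
                        'cmdline': by_type.get('PROCTITLE', {}).get('proctitle')})
    return out
```

Running `denials(parse_events(SAMPLE_LOG))` yields one denial: httpd_t writing a user_home_t file, with the decoded command line of the httpd process; the CONFIG_CHANGE record shows up as a separate event.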