Product: SELinux: NSA’s Open Source Security Enhanced Linux

Personally, I prefer books to focus either concepts or detailed implementation instructions not both. For complex topics like SELinux, you typically cannot fit the conceptual and pragmatic within one book. McCarty’s SELINUX is no exception. SELINUX provides an excellent overview of concepts but struggles with SELinux policy implementation methods and procedures. I suspect the topic is simply too large for one volume. What implementation advice presented is clear and concise but you will have to search elsewhere for more detailed deployment advice.

Despite these issues, this book is recommended reading for anyone considering implementing SELinux. The conceptual overview is some of the best I’ve seen since SELinux got its start. Using charts, diagrams and examples, McCarty presents an excellent overview of the nuts and bolts of SELinux. Understanding the principles of Role-Based Access Control, Type Enforcement, and Security Objects is critical to both using SELinux and justifying its use. The latter may be a bigger hurdle than many anticipate. The chapters on these areas will arm you with sufficient understanding to make a clear case of why SELinux can and should be implemented in many Linux-based computing environments.

While there are brief examples throughout, the book’s third chapter on SELinux installation presents a well-documented, step-by-step guide to installing SELinux. If you’ve never installed SELinux, these sections will prove very valuable. With clearly numbered steps and command line examples, you can have SELinux installed and configured with a default policy within an hour.

As a mix between the pragmatic and conceptual, SELINUX is a good start on this topic. Entry level SELinux users will probably not learn too much from this book, but if your are looking for a introduction to SELinux concepts along with some pragmatic advice for getting started, then this book may be for you.
Rating: 3
0596007167
Count: 6