I’m excited to announce that Dave Quigley will be our guest speaker at the October Crabby Admins meeting. He will present an introduction to SELinux. Dave has provided SELinux tutorials in the past and will be drawing on those instructions for his presentation to the Crabby Admins.
See below for the full abstract of his tutorial:
Over a decade ago, researchers at the National Information Assurance Research
Lab at the National Security Agency (NSA) identified a need for flexible
mandatory access controls to help provide a solid foundation for secure
systems. This resulted in the development of the FLASK architecture. FLASK has
been implemented in a number of operating systems, the most prominent of which
is Linux under the name SELinux. Since the early days of SELinux adoption, much
work as been done by the community to improve the utility and usability of
SELinux. These enhancements have turned SELinux from a prototype research
implementation into a robust access control mechanism that is used by a variety
of customers world wide.This tutorial is suitable for students with a broad range of experience in
SELinux. The tutorial starts with the foundation concepts of SELinux allowing
students to understand the new access control concepts that are provided. The
tutorial then covers basic SELinux usage including: evaluating the state of an
SELinux-enabled system, identifying SELinux information on system resources,
and troubleshooting of basic SELinux errors.Next, the tutorial covers troubleshooting errors with SELinux that result from
non-standard configurations of system services. For example, it is common to
change the location that a web server serves pages from. SELinux needs to be
informed of these changes to ensure that system resources are consistent with
what SELinux expects. This section will also cover examples of other services
which typically have non-standard configurations. Students will work through
examples that address not only the issue at hand, but also expose the
underlying cause. This increases the student’s understanding and allows each
student to identify and resolve similar problemsFinally, the tutorial covers SELinux policy analysis and writing. As system
administrators are constantly faced with deploying software created by their
enterprise, understanding the SELinux security policy and how to extend it to
cover in-house applications is very important. It covers basic policy
development within the scope of the SELinux reference policy and how to
iteratively develop an application policy while having minimal impact on
production systems.
Here’s a little background on Dave:
David Quigley started his career as a Computer Systems Researcher for the
National Information Assurance Research Lab at the NSA where he worked as a
member of the SELinux team but has since left that position. David leads the
design and implementation efforts to provide Labeled-NFS support for SELinux.
David has previously contributed to the open source community through
maintaining the Unionfs 1.0 code base and through code contributions to various
other projects. David has presented at conferences such as the Ottawa Linux
Symposium, the StorageSS workshop, LinuxCon and several local Linux User Group
meetings where presentation topics have included storage, file systems, and
security. David currently works as a Computer Science Professional for the
Advanced Engineering and Development division at Keyw Corporation.