# Manage SELinux Security

## Dennis Kibbe

### Mesa Community College

Note:
This slide presentation was created using [Reveal.js](https://revealjs.com). You can access a transcript of this presentation by pressing s for speaker notes. You can access navigation help by pressing the question mark key. Audio for this presentation is artificially generated.

---

# Module Outline

1. Introduction
1. Change the SELinux Enforcement Mode
1. Guided Exercise
1. Control SELinux File Contexts
1. Guided Exercise
1. Adjust SELinux Policy with Booleans
1. Guided Exercise
1. Investigate and Resolve SELinux Issues
1. Guided Exercise
1. Key Takeaways
1. Resources
1. Graded Lab

Note:

---

# Learning Objectives

*After completing the work in this module you will be able to:*

1. Explain how SELinux protects resources, change the current SELinux mode of a system, and set the default SELinux mode of a system.
1. Manage the SELinux policy rules that determine the default context for files and directories with the `semanage fcontext` command and apply the context defined by the SELinux policy to files and directories with the `restorecon` command.
1. Activate and deactivate SELinux policy rules with the `setsebool` command, manage the persistent value of SELinux Booleans with the `semanage boolean -l` command, and consult `man` pages that end with `_selinux` to find useful information about SELinux Booleans.
1. Use SELinux log analysis tools and display useful information during SELinux troubleshooting with the `sealert` command.

Note:

---

# Introduction

## Manage SELinux Security

Note:
Unlike standard Linux permissions, SELinux is a mandatory access control system that protects applications, processes, and files.

---

# Change the SELinux Enforcement Mode

1. **Enforcing:** Enforcing is the default mode. SELinux policy is enforced and violations are blocked.
1. **Permissive:** Violations of SELinux policy are logged but permitted.
1. **Disabled:** SELinux is turned off.

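
A small audit of the modes listed above, as an added example that is not part of the original slides: it compares the runtime mode printed by `getenforce` with the persistent `SELINUX=` setting so that drift between the two is visible. The function names and the sample file are constructed for illustration, and the path `/etc/selinux/config` is the standard location, which the slides do not name.

```shell
#!/bin/sh
# Added example: audit the SELinux runtime mode against the boot-time default.

# Print the persistent mode (value of SELINUX=, lowercased) from a config file.
# Sketch assumption: the first line starting exactly with "SELINUX=" is used.
selinux_default_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" 2>/dev/null \
        | head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Compare a runtime mode (as printed by getenforce) with the config file.
# Returns 0 if enforcing now and at boot, 1 on a weaker state, 2 on bad config.
audit_selinux_mode() {
    run_mode=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    boot_mode=$(selinux_default_mode "$2")
    case "$boot_mode" in
        enforcing|permissive|disabled) ;;
        *) echo "FAIL: no valid SELINUX= line in $2"; return 2 ;;
    esac
    if [ "$run_mode" = enforcing ] && [ "$boot_mode" = enforcing ]; then
        echo "OK: enforcing now and at next boot"; return 0
    elif [ "$run_mode" != "$boot_mode" ]; then
        echo "WARN: runtime=$run_mode but next boot=$boot_mode"; return 1
    else
        echo "WARN: SELinux is $run_mode now and at next boot"; return 1
    fi
}

# Constructed sample of the configuration file (not taken from the slides).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
# Simulates a host switched to permissive with `setenforce 0`, which changes
# only the runtime mode. On a real host run:
#   audit_selinux_mode "$(getenforce)" /etc/selinux/config
audit_selinux_mode Permissive "$sample" || true
rm -f "$sample"
```
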
Note:

---

# Guided Exercise

## Change the SELinux Enforcement Mode

![Clipart of two students studying](../images/homework.png)

Note:

>>>

## Prepare Lab Environment

![alt text](../images/rh134/ch06s02-1.png)

Note:

>>>

## Log into servera

![alt text](../images/rh134/ch06s02-2.png)

Note:

>>>

## Verify the current SELinux mode

![alt text](../images/rh134/ch06s02-3.png)

Note:

>>>

## Change the SELinux Mode

![alt text](../images/rh134/ch06s02-3.png)

Note:

>>>

## Edit the SELinux Configuration File

![alt text](../images/rh134/ch06s02-3.png)

>>>

# Control SELinux File Contexts

Note:

---

# Guided Exercise

## Control SELinux File Contexts

![Clipart of two students studying](../images/homework.png)

Note:

---

# Adjust SELinux Policy with Booleans

Note:

---

# Guided Exercise

## Adjust SELinux Policy with Booleans

![Clipart of two students studying](../images/homework.png)

Note:

---

# Investigate and Resolve SELinux Issues

Note:

---

# Guided Exercise

## Investigate and Resolve SELinux Issues

![Clipart of two students studying](../images/homework.png)

Note:

---

# Key Takeaways

1. Use the `getenforce` and `setenforce` commands to manage the SELinux mode of a system.
1. The `semanage` command manages SELinux policy rules. The `restorecon` command applies the context that the policy defines.
1. Booleans are switches that change the behavior of the SELinux policy. You can enable or disable them to tune the policy.
1. The `sealert` command displays useful information to help with SELinux troubleshooting.

Note:

---

# Resources

Note:
Here are some resources for the topics covered in this chapter.

---

# Graded Lab

## Manage SELinux Security

![Clipart of technicians in white lab coats](../images/lab_techs.png)

Note:

---

![Mesa Community College logo](../images/mcc_logo.png "Mesa Community College")

Note:
This ends this slide presentation. I hope you found it useful.