I figured I'd like to get some better knowledge on IT security.
I already have some good practices that I've refined over time: GPG, private-key-only authentication via SSH, using a browser as little as possible (and with extensions like NoScript or CookieSelfDestruct), just to name a few. Plus another ton of habits on the privacy side, which are off-topic here.
I'd like to focus on SELinux, after some discussions. A good starting point is to use it to secure what I perceive as my weakest spot: (obviously) the browser.
I'd like to keep a journal about my SELinux exploration, since my perception is that it's a somewhat difficult thing to work with. I can't guarantee I'll be able to write down everything I find, as writing takes time, and time is valuable for learning (which is one of the reasons why I seldom write on this site).
The other reason I don't write often is that there are people who know better what to write. On this point, it looks like Dan Walsh knows a lot about SELinux.
This video seemed to me a good starting point.
My next goal is to overcome the issues I'm experiencing protecting Firefox with the sandbox command (described here). In short, I get a lot of AVC (Access Vector Cache, that's what it means) denials, at a high rate. Let's figure it out :)
First batch of notes
- sesearch allows searching the policy set for rules matching a given pattern, as in this article about udica. [On Fedora]
- /var/log/audit/audit.log is not just for SELinux: the audit is system-wide, written by /sbin/auditd.
- Policies are defined in text files and compiled into a binary representation. [On Fedora] Install selinux-policy-devel to get what is needed.
- As often happens, the Arch and Gentoo wikis provide well-written and understandable documentation.