Hands-on SELinux: A Practical Introduction

This page contains course information for students taking the SELinux short course, offered September 16 and 18, 2014 through Merit. This information will be available before and during the course.

The short course, taught over two three-hour sessions, is designed as an intensive, hands-on learning experience, teaching administrators about SELinux principles and components. Topics include installation and configuration, interpretation of log records, and how to secure applications by creating SELinux policies. Students will learn the SELinux skills to secure their own platforms running their own applications.

Course Materials

  • Lecture Notes (updated 18 Sep 14:19)
  • References
  • Supplemental Information
  • VLE Hints and Tips
  • Merit Course Registration & Information Page

    • To Do Before Class

    You'll minimize your distractions in class if you prepare your laptop as follows before class begins:

    1. Download and install VMware Player, Server, or Fusion.
    2. Download the Virtual Lab Environment, and boot it into VMware Player.

    VMware

    You will need a current version of VMware Player, VMware Workstation or VMware Fusion installed on your computer in order to boot and use the Virtual Lab Environment.

    VMware Player is available free from VMware at http://www.vmware.com/player/ (the free Player link is near the bottom of the page). VMware Workstation and VMware Fusion are available as free 30-day trials at http://www.vmware.com/workstation/ and http://www.vmware.com/fusion/, respectively. You only need ONE of these programs.

    Virtual Lab Environment

    Course experiments are conducted on your laptop using a VMware-based virtual lab environment. These experiments are an integral part of the course and will enhance your learning experience.

    You will need an IA32 compatible laptop running VMware Player, Server, or Fusion. Please follow the following steps to bring up your virtual lab:

    1. Create a new directory for your virtual guest.
    2. Download the following two files to your new directory (right-click on each and select "Save As"):

    3. To verify the SHA1 hashes, use sha1sum (Linux), shasum (Mac OS X), FCIV -sha1 (http://support.microsoft.com/kb/889768, for Windows), or equivalent.
    4. Expand VLE65.vmdk.gz using gunzip (included in most Linux, UNIX, and Mac OS X distributions), 7-Zip (http://www.7-zip.org/, for Windows), or equivalent. The expanded file will be about 5 GB in size.
    5. In VMware, open your virtual guest, browse to your new directory and boot the lab environment. If you are asked whether you moved or copied the environment, indicate you copied it. If you are asked if you want to update VMware Tools, you can safely decline.

    Login and password information for the lab environment were sent to you under separate cover.

    The virtual lab environment has been modified specifically for this course. It suffers several security vulnerabilities and is not kept up to date with respect to patches. It contains a host firewall configured not to allow most inbound connections as the only line of defense. While a necessary and valuable component of this course, the lab environment is not recommended for any other use.

    More help

    Please use our class mailing list selsec2014@umich.edu for questions, comments, or to seek further assistance.