Post-RHCE: Studying for RHCSS, Part 3 of 3: SELinux Policy

This is the third and final installment in the RHCSS Study series. Because SELinux is a newish technology that can be difficult to wrap your head around at first, I recommend studying the course objectives listed below along with one or more of these fine publications:

RHS 429: SELinux Policy Administration

Unit 1 - Introduction to SELinux

* Discretionary Access Control vs. Mandatory Access Control
* SELinux History and Architecture Overview
* Elements of the SELinux security model:
  * user identity and role
  * domain and type
  * sensitivity and categories
  * security context
* SELinux Policy and Red Hat’s Targeted Policy
* Configuring Policy with Booleans
* Archiving
* Setting and Displaying Extended Attributes
* Hands-on Lab: Understanding SELinux

Unit 2 - Using SELinux

* Controlling SELinux
* File Contexts
* Relabeling Files and Filesystems
* Mount options
* Hands-on Lab: Working with SELinux

Unit 3 - The Red Hat Targeted Policy

* Identifying and Toggling Protected Services
* Apache Security Contexts and Configuration Booleans
* Name Service Contexts and Configuration Booleans
* NIS Client Contexts
* Other Services
* File Context for Special Directory Trees
* Troubleshooting and avc Denial Messages
* setroubleshootd and Logging
* Hands-on Lab: Understanding and Troubleshooting the Red Hat Targeted Policy

Unit 4 - Introduction to Policies

* Policy Overview and Organization
* Compiling and Loading the Monolithic Policy and Policy Modules
* Policy Type Enforcement Module Syntax
* Object Classes
* Domain Transition
* Hands-on Lab: Understanding policies

Unit 5 - Policy Utilities

* Tools available for manipulating and analyzing policies
  * apol
  * seaudit and seaudit_report
  * checkpolicy
  * sepcut
  * sesearch
  * sestatus
  * audit2allow and audit2why
  * sealert
  * avcstat
  * seinfo
  * semanage and semodule
  * Man pages
* Hands-on Lab: Exploring Utilities

Unit 6 - User and Role Security

* Role-based Access Control
* Multi Category Security
* Defining a Security Administrator
* Multi-Level Security
* The strict Policy
* User Identification and Declaration
* Role Identification and Declaration
* Roles in Use in Transitions
* Role Dominance
* Hands-on Lab: Implementing User and Role Based Policy Restrictions

Unit 7 - Anatomy of a Policy

* Policy Macros
* Type Attributes and Aliases
* Type Transitions
* When and How do Files Get Labeled
* restorecond
* Customizable Types
* Hands-on Lab: Building Policies

Unit 8 - Manipulating Policies

* Installing and Compiling Policies
* The Policy Language
* Access Vector
* SELinux logs
* Security Identifiers - SIDs
* Filesystem Labeling Behavior
* Context on Network Objects
* Creating and Using New Booleans
* Manipulating Policy by Example
* Macros
* Enableaudit
* Hands-on Lab: Compiling Policies

Unit 9 - Project

* Best practices
* Create File Contexts, Types and Typealiases
* Edit and Create Network Contexts
* Edit and Create Domains
* Hands-on Lab: Editing and Writing Policy

2 Responses to “Post-RHCE: Studying for RHCSS, Part 3 of 3: SELinux Policy”


  1. Barry Brimer

    It appears that Red Hat now publishes prep guides for all post-RHCE exams.

  2. Mark

    What fine publications? There aren’t too many books that cover SELinux in a manner that makes sense of it, though the tools for managing it are seriously coming along.
