"SELinux" Released by O'Reilly

For Immediate Release
For more information, a review copy, cover art, or an interview with
the author, contact:
Kathryn Barrett (707) 827-7094 or kathrynb@oreilly.com
	
Stave Off the Zero-Day Vulnerability Threat (Straight from the NSA)
O'Reilly Releases "SELinux"

Sebastopol, CA--There are few things as critical to a system
administrator's work as security.  According to Bill McCarty, author of
"SELinux:  NSA's Open Source Security Enhanced Linux" (O'Reilly $39.95),
as the number and variety of software vulnerabilities and attacks continue
to accelerate, security is probably the most important topic in computing
today. But the ongoing search for a more secure operating system has often
left everyday production computers far behind their experimental research
cousins. SELinux (Security Enhanced Linux) dramatically changes this
situation.

McCarty, who has been tracking SELinux on his technology radar for several
years, previously had not considered it a workable solution for the
typical sys admin. "It didn't seem easy enough, or robust enough, for
dependable use by Linux system administers," he recalls.

But recently SELinux has come of age. "I now believe that SELinux is the
most important computing technology for Linux users that I've seen in the
last several years," states McCarty. "Obviously, others agree that SELinux
is important and useful: SELinux has been incorporated into Fedora Core,
Gentoo, and SUSE Linux."  In addition, the new Red Hat Enterprise Linux 4,
expected to release in first quarter 2005, will be a fully supported Linux
distribution featuring SELinux.

SELinux emerged from research by the National Security Agency and
implements classic strong-security measures such as role-based access
controls, mandatory access controls, and fine-grained transitions and
privilege escalation following the principle of least privilege. It
compensates for the inevitable buffer overflows and other weaknesses in
applications by isolating them and preventing flaws in one application
from spreading to others. The scenarios that cause the most cyber-damage
these days--when someone gets a toe-hold on a computer through a
vulnerability in a local networked application, such as a web server, and
parlays that toe-hold into pervasive control over the computer system--are
prevented on a properly administered SELinux system.

The key, of course, lies in the words "properly administered." A system
administrator for SELinux needs a wide range of knowledge, such as the
principles behind the system, how to assign different privileges to
different groups of users, how to change policies to accommodate new
software, and how to log and track what is going on. And this is where
"SELinux" is invaluable.

"Readers learn how to install, initially configure, and maintain Linux
systems using SELinux. Properly configured SELinux systems are expected to
be highly resistant to compromise," says McCarty.  His goal in writing the
book was to demystify SELinux for everyday users: "It's not written for
experienced SELinux policy developers and other geniuses, as much as I
respect them and appreciate their contributions to SELinux. Instead, the
book is written for the typical system administrator who's trying to
figure out how to keep bad guys out of the systems for which he or she is
responsible.

Topics in the book include:

-A readable and concrete explanation of SELinux concepts and the SELinux
security model
-Installation instructions for numerous distributions
-Guidelines for basic system and user administration
-A detailed dissection of the SELinux policy language
-Examples and guidelines for altering and adding policies

With "SELinux," a high-security computer is within reach of any system
administrator. If you want an effective means of securing your Linux
system--and who doesn't?--this book provides the means.

Additional Resources:

Chapter 4, "Using and Administering SELinux," is available online at:
http://www.oreilly.com/catalog/selinux/chapter/index.html

For more information about the book, including table of contents, index,
author bio, and samples, see:
http://www.oreilly.com/catalog/selinux/index.html

For a cover graphic in JPEG format, go to:
ftp://ftp.ora.com/pub/graphics/book_covers/hi-res/0596007...

SELinux
Bill McCarty
ISBN 0-596-00716-7, 238 pages, $39.95 US, $57.95 CA
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com

About O'Reilly
O'Reilly Media, Inc. is the premier information source for leading-edge
computer technologies. The company's books, conferences, and web sites
bring to light the knowledge of technology innovators. O'Reilly books,
known for the animals on their covers, occupy a treasured place on the
shelves of the developers building the next generation of software.
O'Reilly conferences and summits bring alpha geeks and forward-thinking
business leaders together to shape the revolutionary ideas that spark new
industries. From the Internet to XML, open source, .NET, Java, and web
services, O'Reilly puts technologies on the map. For more information:
http://www.oreilly.com

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other
trademarks are property of their respective owners.