January 9, 2003

Training available for new commercial Security-Enhanced Linux

- by Tina Gasperson -
The Open Source Development Group (OSDgroup) has developed courseware for
Security Enhanced Linux, the National Security
Agency's
beefed-up Linux distribution that is also being developed as
a

commercial distribution by Westcam Consultants.OSDgroup is working with Westcam to promote an upcoming commercial release of
SELinux. Proprietor Mark Westerman told developers that the release is RPM
based, and it is for "people that might not want to compile and install the
kernel." The government's SELinux, which is freely available for download, must
be installed over top of an existing Red Hat install; it is basically a custom
kernel configuration. Westcam's implementation of SELinux is not endorsed or
sponsored by the National Security Agency (NSA).

Westerman says that Westcam's distro is completely GPL'ed and they will not put
any proprietary code in there. Additionally, developers are working to convert
the security rules to XML in order to handle policies more efficiently. The beta
of Westcam's SELinux is available by mail order.

OSDgroup's SELinux courseware is available separately or in conjunction with a
three day training session conducted at the client's location. OSDgroup sends
contracted trainers to locations around the country to administer the Security
Enhanced Linux Fundamentals course, at a cost of $1,495 per person per session.

John Weathersby, president of OSDgroup, was one of the founders of the SAIR
GNU/Linux training and certification company. Now he is putting his expertise
into identifying and developing niche markets, such as the SELinux training.
OSDgroup also develops customized training for the needs of different companies.
"We focus mainly on implementation" of training materials, says Weathersby, but
in the case of a clearly-defined need, such as SELinux, Weathersby's experience
allows him to oversee the production of original courseware.

Security Enhanced Linux Fundamentals contains 16 modules, five of which are
specifically related to SELinux. The first eleven modules are concerned with
more basic Linux administration efforts, like installation, UI and environment,
software management, partitions and file systems, and user groups. The five
modules that pertain to SELinux are 1) SELinux overview, 2) Developing SELinux
Policies, 3) Installing SELinux, 4)Administering SELinux, and 5) SELinux usage
scenarios.

OSDgroup also provides a five day-long Linux boot camp. "It covers the basics of
Linux and provides an introduction to security and how SElinux can be adopted
into a security plan," says Richard Kuebler, OSDgroup's vp of sales and
marketing.

The SELinux courseware has garnered the attention of LPI, according to
Weathersby, who says they've been engaging in informal talks about the
possibility of creating a certification module based on SELinux. A source close
to LPI says that the certification institution has been talking "with a number
of people" about doing a Linux security certification.

Click Here!