Red Hat SELinux Policy Administration Certificate of Expertise

notquitecertifiablenotquitecertifiable Member Posts: 36 ■■■□□□□□□□
I wasn't sure if this should come under 'Security Certifications'
or 'LPI, RHCE, and SAIR' but it's from a Linux vendor so I've
posted it here.

Red Hat offer a four day course on SELinux Policy Administration followed
by a four hour exam. Anyone can do the course (if you're willing to pay)
but only people with a valid RHCE are allowed to sit the exam.

The course was decent enough, the pacing was a little uneven for me but the
instructor was friendly, knew his material quite well and was always open
to questions. The real meat of the course for me though is the Red Hat
published course guide - and considering how little printed material
exists on modern SELinux (and it's worth noting that the course
currently runs on Red Hat 5.icon_cool.gif it's the best asset available for someone
who wants to dig in to SELinux without spending days searching for
documents that may be current, well written and actually correct.

The material covered how to admin a system running SELinux, how to tweak
and maintain a local policy and then how to write your own policy modules
for local applications or tweaking upstreams. The course guide was good for
this and it's going to be on my desk for quite a while as I spend more time
with SELinux.

On a personal note I made the mistake of not doing enough before I went in
to the course. While administrating SELinux becomes easier with every Red
Hat release at its core SELinux is a comprehensive security framework and
isn't something you pick up end to end in a week. As we were reminded on
the exam ;) I think I'd have picked up more from the labs and exam if I
used the course to refine my skills and process rather than start from
scratch. Lesson learned.

Study materials for the course are very thin on the ground so I'd
  • Read the Redhat guides to SELinux and Managing Confined Services
  • Read all the SELinux presentation slides from the Redhat Summit
  • All the new SELinux goodness from Fedora by one of the main SELinux people - Dan Walsh's Blog

I got my results in under 24 hours (which is excellent considering it's
a weekend) - I managed a pass, not a great one but still a pass - and I
learned a lot about SELinux so I wouldn't rule out doing another Red
Hat Certificate of Expertise in the future from what I've experienced
with this one.

Now I need to figure out what to look at next while saving up ;)


  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    Awesome, thanks for this review! Also, congrats on passing the exam!
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    - discounted vouchers for certs
  • onesaintonesaint Member Posts: 801
    Congrats! Great review as well.
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • crashdumpcrashdump Banned Posts: 134
    Congratulation. You are a real Master, because most admins disable SELinux.

    Your next step: Red Hat Certified Security Specialist — RHCSS

    Red Hat | Training | Red Hat Certified Security Specialist
    • Use of cryptographic tools in Red Hat Enterprise Linux® that can secure network services, including DNS, SMTP, and POP/IMAP
    • File encryption using GPG to secure files
    • Providing more secure network file sharing using Kerberos and NFSv4
    • Configuration of a Kerberos realm
    • Configuration of Red Hat Directory Server to provide a centralized directory with access control
    • Configuration of Red Hat Enterprise Linux clients to authenticate using various mechanisms, including Kerberos, LDAP, and Microsoft Active Directory
    • Customizing the default SELinux Targeted Policy implemented in Red Hat Enterprise Linux to address functional issues and needs
    • Specifying particular SELinux policies and enforcing modes
    • Implementing custom SELinux policies
  • jcadarshjcadarsh Banned Posts: 32 ■□□□□□□□□□
    Hey ! Congrats !

    Also did you write the exam on 5.1 or 5.8 ?
Sign In or Register to comment.