Project 1: SELinux Context Explorer & Visualizer

A CLI tool that explores and visualizes security contexts across your system: it shows processes, files, and ports with their labels, and generates reports that summarize the system's security landscape.

Quick Reference

Attribute              Value
Primary Language       Python
Alternative Languages  Bash, Go, Rust
Difficulty             Level 1: Beginner
Time Estimate          Weekend
Knowledge Area         SELinux Fundamentals / Security Contexts
Tooling                SELinux userspace tools
Prerequisites          Basic Python, RHEL/Fedora/CentOS VM with SELinux enabled

What You Will Build

A CLI tool that explores and visualizes security contexts across your system: it shows processes, files, and ports with their labels, and generates reports that summarize the system's security landscape.

Why It Matters

This project builds core skills that appear repeatedly in real-world systems and tooling.

Core Challenges

  • Parsing security contexts → understanding user:role:type:level format
  • Querying multiple object types → files, processes, ports all have contexts
  • Detecting unlabeled or misconfigured objects → common SELinux problems
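
A starting point for the first and third challenges, added here as an illustration and not taken from the project guide: it parses the user:role:type:level format (keeping a level that itself contains colons intact), counts process domains, and flags files typed unlabeled_t. The function names and the sample lines are assumptions; the samples are constructed in the shape of `ps -eZ` and `ls -Z` output so the code runs without an SELinux host.

```python
from collections import Counter, namedtuple

Context = namedtuple("Context", "user role type level")  # level is None without MLS/MCS

def parse_context(label):
    # Split at most three times: the level may itself contain colons
    # (e.g. "s0-s0:c0.c1023"), so a plain split(":") would corrupt it.
    parts = label.strip().split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"not a security context: {label!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else None)

def domain_counts(ps_lines):
    """Count process domains from `ps -eZ`-style lines (label in column 1)."""
    counts = Counter()
    for line in ps_lines:
        fields = line.split()
        if not fields or fields[0] == "LABEL":  # blank line or header row
            continue
        try:
            counts[parse_context(fields[0]).type] += 1
        except ValueError:
            counts["<unparsed>"] += 1  # keep bad labels visible instead of dropping them
    return counts

def unlabeled_files(ls_lines):
    """Paths from `ls -Z`-style lines typed unlabeled_t or carrying no parsable label."""
    hits = []
    for line in ls_lines:
        label, _, path = line.strip().partition(" ")
        try:
            bad = parse_context(label).type == "unlabeled_t"
        except ValueError:
            bad = True  # label column is not a context at all
        if bad and path:
            hits.append(path.strip())
    return hits

# Constructed sample lines (assumed shapes, not captured from a real system)
PS_SAMPLE = [
    "LABEL PID TTY TIME CMD",
    "system_u:system_r:httpd_t:s0 812 ? 00:00:00 httpd",
    "system_u:system_r:httpd_t:s0 813 ? 00:00:00 httpd",
    "system_u:system_r:sshd_t:s0-s0:c0.c1023 900 ? 00:00:00 sshd",
]
LS_SAMPLE = [
    "unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html",
    "system_u:object_r:unlabeled_t:s0 /var/www/html/upload/a.png",
]
```

In the real tool the sample lists would be replaced by the output of the SELinux userspace tools, read with `subprocess`.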

Key Concepts

  • Security Context Format: “SELinux by Example” Ch. 2 - Frank Mayer
  • File Labeling: “SELinux System Administration” Ch. 5 - Sven Vermeulen

Real-World Outcome

$ ./selinux-explorer --summary

╔═══════════════════════════════════════════════════════════════════╗
║                    SELinux Context Explorer v1.0                   ║
║ System Status: ENFORCING    Policy: targeted                      ║
╚═══════════════════════════════════════════════════════════════════╝

┌─ PROCESS DOMAINS (Top 10) ────────────────────────────────────────┐
│ Domain          │ Count │ Example                                 │
│ unconfined_t    │   127 │ /usr/bin/bash                          │
│ httpd_t         │     8 │ /usr/sbin/httpd                        │
│ sshd_t          │     3 │ /usr/sbin/sshd                         │
└───────────────────────────────────────────────────────────────────┘

⚠️  WARNINGS:
• 3 files with unlabeled_t in /var/www/html/upload/
  Run: restorecon -Rv /var/www/html/upload/

Implementation Guide

  1. Reproduce the simplest happy-path scenario.
  2. Build the smallest working version of the core feature.
  3. Add input validation and error handling.
  4. Add instrumentation/logging to confirm behavior.
  5. Refactor into clean modules with tests.

Milestones

  • Milestone 1: Minimal working program that runs end-to-end.
  • Milestone 2: Correct outputs for typical inputs.
  • Milestone 3: Robust handling of edge cases.
  • Milestone 4: Clean structure and documented usage.

Validation Checklist

  • Output matches the real-world outcome example
  • Handles invalid inputs safely
  • Provides clear errors and exit codes
  • Repeatable results across runs

References

  • Main guide: SELINUX_DEEP_DIVE_LEARNING_PROJECTS.md
  • “SELinux System Administration, 3rd Edition” by Sven Vermeulen