-
Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- February 2010
- January 2010
- December 2009
- October 2009
- September 2009
- August 2009
- April 2009
- February 2009
- December 2008
- September 2008
- August 2008
-
Meta
Monthly Archives: September 2011
Quickly setup a Gentoo system
In order to verify if the installation instructions in the Gentoo Handbook are still valid, and to allow me to quickly seed new Gentoo installations in a virtual environment, I wrote a very ugly (really) script to automatically “stage” a … Continue reading
Posted in Gentoo, Hardened
7 Comments
Power management guide updated
The Gentoo Power Management Guide is now updated. It is a full rewrite, focusing currently on two main toolsets: Laptop Mode Tools and cpufreqd. I was pleasantly surprised by the number of features that the laptop mode tools package provided. … Continue reading
Mitigating risks, part 4 – Mandatory Access Control
I’ve talked about service isolation earlier and the risks that it helps to mitigate. However, many applications still run as highly privileged accounts, or can be abused to execute more functions than intended. Service isolation doesn’t help there, and system … Continue reading
Posted in Architecture, Hardened, Security, SELinux
1 Comment
Catching up
As mentioned on the gentoo-doc mailinglist, all documentation bugs (that we know of) related to openrc have been fixed. It was already a week like so, but the last dependency on our “tracker” bug was an open one (asking if … Continue reading
Mitigating risks, part 3 – hardening
While I’m writing this post, my neighbor is shouting. He’s shouting so hard, that I was almost writing with CAPS on to make sure you could read me. But don’t worry, he’s not fighting – it is how he expresses … Continue reading
Posted in Architecture, Security
Leave a comment
Mitigating risks, part 2 – service isolation
Internet: absolute communication, absolute isolation ~Paul Carvel The quote might be ripped out of its context completely, since it wasn’t made when talking about risks and the assurance you might need to get in order to reduce risks. But it … Continue reading
Posted in Architecture, Security
Leave a comment
Mitigating risks, part 1
We are running Foobar 2.0 on Tomcat 4. We know that Tomcat 4 isn’t supported, but hey – our (internal) customer is happy that the Foobar application works and would like to keep it that way. Upgrading to Tomcat 5 … Continue reading
Posted in Architecture, Security
1 Comment
Now using refpolicy 2.20110726
A few days ago, I committed the SELinux policy modules that are based on the 2.20110726 set released upstream. For those that are using Gentoo Hardened with SELinux, you’ll find them if you use the ~arch set for the sec-policy … Continue reading
Posted in Hardened, SELinux
Leave a comment