Author Archives: swift

Mitigating risks, part 1

We are running Foobar 2.0 on Tomcat 4. We know that Tomcat 4 isn’t supported, but hey – our (internal) customer is happy that the Foobar application works and would like to keep it that way. Upgrading to Tomcat 5 … Continue reading

Posted in Architecture, Security | 1 Comment

Now using refpolicy 2.20110726

A few days ago, I committed the SELinux policy modules that are based on the 2.20110726 set released upstream. For those that are using Gentoo Hardened with SELinux, you’ll find them if you use the ~arch set for the sec-policy … Continue reading

Posted in Hardened, SELinux | Leave a comment

Use parted for large partitions

A few bugs that were sitting in Gentoo’s bugzilla for the documentation were related to large partitions (2 TB and higher). Previously, this wasn’t as much of an issue since the number of users that have 2+ TB partitions are … Continue reading

Posted in Gentoo | 2 Comments

Easy documentation updates thanks to the many contributions

As mentioned previously, I took a stab at the Gentoo Guide to OpenLDAP Authentication, updating its configuration settings as well as giving an introduction to its replication mechanism. Although I am no OpenLDAP guru at all, I set up a … Continue reading

Posted in Gentoo, Hardened, SELinux | Leave a comment

Ready, set, commit!

Yesterday, I entered the realms of Gentoo Development again. But as it was getting late then, I had to wait before the first commits happened. So this evening, things were done. The first couple of documentation bugs (mostly related … Continue reading

Posted in Hardened | 2 Comments

checksec kernel security

I have blogged about checksec.sh before. Jono, one of the #gentoo-hardened IRC members, kindly pointed me to its --kernel option. So I feel obliged to give its options a stab as well. So, here goes the next batch of OPE-style … Continue reading

Posted in Gentoo, Hardened, Security | 1 Comment

emerge-webrsync and gpg verification

Gentoo has been working on its security from very early on. One of the (many) features it supports is to allow users to validate the state of the portage tree. Ebuild signing (where developers sign the Manifest file with their … Continue reading

Posted in Gentoo | 2 Comments

Preliminary SELinux MCS support in Gentoo Hardened

Users tracking the hardened-dev overlay for SELinux packages will notice yet another update on the selinux-base-policy package. This time however, the change is a little more than just a policy update. With this new revision, preliminary support for Multi-Category Security … Continue reading

Posted in Hardened, SELinux | Leave a comment

High level explanation on some binary executable security

One very important functionality offered by Gentoo Hardened is a specific toolchain (compiler, libraries and more) that contains patches to make the built binaries a bit more protected from certain vulnerabilities. Explaining all those in detail is too much for … Continue reading

Posted in Hardened, Security | Leave a comment

Some people on #selinux are … dolphins

A very useful resource for anyone working on or with SELinux policies is the #selinux chat channel on irc.freenode.net. People like Dominick Grift and Dan Walsh you would first think are IRC bots (being online all the time, answering questions), … Continue reading

Posted in SELinux | Leave a comment