Category Archives: Hardened

This month’s stabilization done, more to come

A small notification to tell you that the SELinux policies that were pushed to the main tree 30 days (or more) ago have now been stabilized (none of them introduced problems, although some of them have other bugs still open … Continue reading

Posted in Hardened | 1 Comment

Trying out initramfs with selinux and grsec

I’m no fan of initramfs. All my systems boot up just fine without it, so I often see it as an additional layer of obfuscation. But there are definitely cases where initramfs is needed, and from the looks of it, … Continue reading

Posted in Hardened, SELinux | 9 Comments

SELinux Gentoo/Hardened state 2011-12-19

On December 14th, the Gentoo Hardened project had its monthly online meeting to discuss the current state of affairs of its projects and subprojects. Amongst them, the updates on the SELinux-front were presented as well. Since last meeting, the follow … Continue reading

Posted in Hardened, SELinux | 2 Comments

SELinux Gentoo/Hardened state 2011-11-17

A small write-down on the Gentoo Hardened SELinux state-of-affairs, largely triggered because there was an online meeting for the Gentoo Hardened project today. The SELinux policies offered in the sec-policy category are based on the latest refpolicy release. The older … Continue reading

Posted in Hardened | Leave a comment

Gentoo Security Benchmark with OVAL and Open-SCAP

A while ago, I got referred to the Open Vulnerability and Assessment Language, which seems to be an open specification (or even standard) for defining security content/information and being able to document such things in a way that tools can … Continue reading

Posted in Gentoo, Hardened, Security | Leave a comment

SELinux’ 2011/07 releases now stable

A few minutes ago, I stabilized both the 2.20110726 policies as well as the SELinux userspace utilities that were stable (upstream) on 20110727. With the change, I also updated the Gentoo SELinux Handbook with the changes I presented on our … Continue reading

Posted in Hardened, SELinux | Leave a comment

Gentoo Hardened SELinux policies, rev 5

I’ve pushed out selinux-base-policy version 2.20110726-r5 to the hardened-dev overlay. It does not hold huge changes, most of them are rewrites or updates on pre-existing patches (on the SELinux policies) to make them conform to the refpolicy naming conventions and other … Continue reading

Posted in Hardened, SELinux | Leave a comment

Quickly set up a Gentoo system

In order to verify if the installation instructions in the Gentoo Handbook are still valid, and to allow me to quickly seed new Gentoo installations in a virtual environment, I wrote a very ugly (really) script to automatically “stage” a … Continue reading

Posted in Gentoo, Hardened | 7 Comments

Mitigating risks, part 4 – Mandatory Access Control

I’ve talked about service isolation earlier and the risks that it helps to mitigate. However, many applications still run as highly privileged accounts, or can be abused to execute more functions than intended. Service isolation doesn’t help there, and system … Continue reading

Posted in Architecture, Hardened, Security, SELinux | 1 Comment

Now using refpolicy 2.20110726

A few days ago, I committed the SELinux policy modules that are based on the 2.20110726 set released upstream. For those that are using Gentoo Hardened with SELinux, you’ll find them if you use the ~arch set for the sec-policy … Continue reading

Posted in Hardened, SELinux | Leave a comment