Category Archives: Security

SELinux Gentoo/Hardened state 2011-12-19

Posted on December 19, 2011 by swift

On december 14th, the Gentoo Hardened project had its monthly online meeting to discuss the current state of affairs of its projects and subprojects. Amongst them, the updates on the SELinux-front were presented as well. Since last meeting, the follow … Continue reading →

Posted in Hardened, SELinux | 2 Comments

Gentoo Security Benchmark with OVAL and Open-SCAP

Posted on November 16, 2011 by swift

A while ago, I got referred to the Open Vulnerability and Assessment Language, which seems to be an open specification (or even standard) for defining security content/information and being able to document such things in a way that tools can … Continue reading →

Posted in Gentoo, Hardened, Security | Leave a comment

SELinux’ 2011/07 releases now stable

Posted on October 23, 2011 by swift

A few minutes ago, I stabilized both the 2.20110726 policies as well as the SELinux userspace utilities that were stable (upstream) on 20110727. With the change, I also updated the Gentoo SELinux Handbook with the changes I presented on our … Continue reading →

Posted in Hardened, SELinux | Leave a comment

Gentoo Hardened SELinux policies, rev 5

Posted on October 13, 2011 by swift

I’ve pushed out selinux-base-policy version 2.20110726-r5 to the hardened-dev overlay. It does not hold huge changes, most of them are rewrites or updates on pre-existing patches (on the SELinux policies) to make them conform the refpolicy naming conventions and other … Continue reading →

Posted in Hardened, SELinux | Leave a comment

Mitigating risks, part 5 – application firewalls

Posted on October 5, 2011 by swift

The last isolation-related aspect on risk mitigation is called application firewalls. Like more “regular” firewalls, its purpose is to be put in front of a service, controlling which data/connections get through and which don’t. But unlike these regular firewalls, application … Continue reading →

Posted in Architecture, Security | Leave a comment

Mitigating risks, part 4 – Mandatory Access Control

Posted on September 23, 2011 by swift

I’ve talked about service isolation earlier and the risks that it helps to mitigate. However, many applications still run as highly privileged accounts, or can be abused to execute more functions than intended. Service isolation doesn’t help there, and system … Continue reading →

Posted in Architecture, Hardened, Security, SELinux | 1 Comment

Mitigating risks, part 3 – hardening

Posted on September 13, 2011 by swift

While I’m writing this post, my neighbor is shouting. He’s shouting so hard, that I was almost writing with CAPS on to make sure you could read me. But don’t worry, he’s not fighting – it is how he expresses … Continue reading →

Posted in Architecture, Security | Leave a comment

Mitigating risks, part 2 – service isolation

Posted on September 9, 2011 by swift

Internet: absolute communication, absolute isolation ~Paul Carvel The quote might be ripped out of its context completely, since it wasn’t made when talking about risks and the assurance you might need to get in order to reduce risks. But it … Continue reading →

Posted in Architecture, Security | Leave a comment

Mitigating risks, part 1

Posted on September 5, 2011 by swift

We are running Foobar 2.0 on Tomcat 4. We know that Tomcat 4 isn’t supported, but hey – our (internal) customer is happy that the Foobar application works and would like to keep it that way. Upgrading to Tomcat 5 … Continue reading →

Posted in Architecture, Security | 1 Comment

Now using refpolicy 2.20110726

Posted on September 4, 2011 by swift

A few days ago, I committed the SELinux policy modules that are based on the 2.20110726 set released upstream. For those that are using Gentoo Hardened with SELinux, you’ll find them if you use the ~arch set for the sec-policy … Continue reading →

Posted in Hardened, SELinux | Leave a comment

Category Archives: Security

Archives

Meta