An XCCDF skeleton for PostgreSQL

In a previous post I wrote about the documentation structure I have in mind for a PostgreSQL security best practice. Considering what XCCDF can give us, the idea is to have the following structure:

Hardening PostgreSQL
+- Basic setup
+- Instance level configuration
|  +- Pre-startup configuration
|  `- PostgreSQL internal configuration
+- Database recommendations
`- User definitions …
more ...




Switching gpg key to 0x2EDD52403B68AF47

I recently switched my GnuPG key. The previous key - which is still in place for now (no revocation send out yet) - was 0x5DFAB3ECCDBA2FDB and was a 1024 bit DSA key. The new one, 0x2EDD52403B68AF47, is a 4096 bit RSA key. It also has the following preferences:

gpg> showpref
[ultimate] (1 …
more ...

cvechecker 3.3 released

I just uploaded a new release of cvechecker to the project files. The release is a (long overdue) bugfix release, but includes two small enhancements: support standard input for the binary list (so you can pipe the output of one command to cvechecker) and the introduction of the CVECHECKER_CONFFILE variable …

more ...