Creating a poor man central SCAP system

A few weeks ago, I was asked to give some explanation about how SCAP content can be used in companies to improve their infrastructure knowledge. The focus back then was to look at benchmarks (secure states) and violations, but other functionality should not be ignored. I'm not going to talk …

Switching gpg key to 0x2EDD52403B68AF47

I recently switched my GnuPG key. The previous key - which is still in place for now (no revocation sent out yet) - was 0x5DFAB3ECCDBA2FDB and was a 1024-bit DSA key. The new one, 0x2EDD52403B68AF47, is a 4096-bit RSA key. It also has the following preferences:

gpg> showpref
[ultimate] (1 …

cvechecker 3.3 released

I just uploaded a new release of cvechecker to the project files. The release is a (long overdue) bugfix release, but includes two small enhancements: support standard input for the binary list (so you can pipe the output of one command to cvechecker) and the introduction of the CVECHECKER_CONFFILE variable …

Umounting IPv6 NFS(v4) mounts

I had issues umounting my NFSv4 shares on an IPv6-only network. When trying to umount the share, it said that it couldn't find the mount in /proc/mounts:

~# umount /mnt/nfs/portage
/mnt/nfs/portage was not found in /proc/mounts

The solution: copy /proc/mounts to /etc/mtab, and …

Using CUSTOM_BUILDOPT in refpolicy for USE flag-alike functionality?

As you are probably aware, Gentoo uses the reference policy as its base for SELinux policies. Yes, we do customize it and not everything is already pushed upstream (for instance, our approach to use xdg_*_home_t customizable types to further restrict user application access has been sent up for comments …
