cvechecker 3.0

I'm pleased to announce the immediate availability of cvechecker 3.0. It contains two major feature enhancements: watchlists and MySQL support.

watchlists allow cvechecker to track and report on CVEs for software that cvechecker didn't detect on the system (or perhaps even isn't installed on the system). You can use …

more ...

cvechecker updates

The in-svn version of cvechecker has seen quite a few changes in the last few days. I'm adding support for MySQL to it. This support will be added in three steps:

  1. support the same features as cvechecker currently does using sqlite
  2. streamline the database code so that duplicate code in …
more ...

Restoring configuration files on Gentoo

If you work with Gentoo, you're probably aware of tools like etc-update and dispatch-conf. If you use dispatch-conf, you might know that it supports rcs for version control of the changes it makes. But if you have enabled it, you might be wondering how to actually restore configuration files with …

more ...


Portage fails to build due to SELinux?

If you're having troubles getting Portage to build packages due to SELinux, then the reason usually is that it is unable to transition to the proper portage domains. You'll get a nice OSError back with an ugly backtrace, saying somewhere that "setexeccon" is misbehaving.

Now, the real issue (not being …

more ...

Updates on the Gentoo Hardened SELinux state

For those following the progress of SELinux support in Gentoo Hardened...

In the hardened-development overlay, the selinux-base-policy package has been updated, hopefully fixing a nasty issue with support for the targeted policy (up to today, I only tested strict policies so I missed that). It also fixes an issue with …

more ...

Temporary script for Gentoo Hardened SELinux users

If you are currently using Gentoo Hardened with SELinux, you might have noticed that we are currently lacking the proper dependencies within our Portage tree upon the SELinux policies (or, in other words, installing a package doesn't guarantee that the SELinux policy needed for that package is pulled in as …

more ...

About time...

I was just wondering why "UTC" stood for "Coordinated Universal Time". Apparently (okay, citing Wikipedia here, so be critical), it's of two main reasons: English and French speaking folks that were participating in that discussion wanted their language to be presented in the abbreviation (English wants "CUT - Coordinated Universal Time …

more ...

cvechecker update

A while ago, I got the request to enhance cvechecker with support for providing a list of installed software (or software you want to watch over with cvechecker) even if cvechecker isn't able to detect that software on your system. I've implemented this and it is currently available in the …

more ...

File System Labels in Linux Sea

I have added some information on file system labels in Linux Sea (PDF). If you don't know what labels are (or UUIDs), here is a quick summary.

Most, if not all file systems, assign a universally unique identifier (UUID) which looks like a random hexadecimal string to each file system …

more ...