Archives in Simplicity is a form of art...

Wed 06 January 2021
SELinux System Administration 3rd Edition
Fri 25 December 2020
Abstracting infrastructure complexity
Sun 04 October 2020
Working on infra strategy
Sun 09 September 2018
cvechecker 3.9 released
Sat 03 March 2018
Automating compliance checks
Wed 24 January 2018
Documenting a rule
Wed 17 January 2018
Structuring a configuration baseline
Sun 07 January 2018
Documenting configuration changes
Mon 20 November 2017
SELinux and extended permissions
Tue 26 September 2017
SELinux Userspace 2.7
Mon 11 September 2017
Authenticating with U2F
Wed 23 August 2017
Using nVidia with SELinux
Tue 22 August 2017
Switch to Gentoo sources
Tue 18 July 2017
Project prioritization
Wed 07 June 2017
Structuring infrastructural deployments
Thu 18 May 2017
Matching MD5 SSH fingerprint
Sun 09 April 2017
Switched to Lineage OS
Mon 27 March 2017
cvechecker 3.8 released
Mon 06 March 2017
Handling certificates in Gentoo Linux
Thu 02 March 2017
cvechecker 3.7 released
Tue 07 February 2017
I missed FOSDEM
Thu 22 December 2016
SELinux System Administration, 2nd Edition
Wed 12 October 2016
GnuPG: private key suddenly missing?
Tue 27 September 2016
We do not ship SELinux sandbox
Mon 26 September 2016
Mounting QEMU images
Wed 15 June 2016
Comparing Hadoop with mainframe
Sun 27 March 2016
Template was specified incorrectly
Sat 26 March 2016
Using salt-ssh with agent forwarding
Sun 13 March 2016
Trying out imapsync
Sat 07 November 2015
New cvechecker release
Sun 20 September 2015
Switching focus at work
Mon 14 September 2015
Getting su to work in init scripts
Thu 10 September 2015
Custom CIL SELinux policies in Gentoo
Sun 06 September 2015
Using multiple OpenSSH daemons
Wed 02 September 2015
Maintaining packages and backporting
Sat 29 August 2015
Doing away with interfaces
Tue 25 August 2015
Slowly converting from GuideXML to HTML
Sat 22 August 2015
Making the case for multi-instance support
Wed 19 August 2015
Switching OpenSSH to ed25519 keys
Sun 16 August 2015
Updates on my Pelican adventure
Thu 13 August 2015
Finding a good compression utility
Tue 11 August 2015
Why we do confine Firefox
Sun 09 August 2015
Can SELinux substitute DAC?
Fri 07 August 2015
Filtering network access per application
Wed 05 August 2015
My application base: Obnam
Mon 03 August 2015
Don't confuse SELinux with its policy
Sun 02 August 2015
Switching to Pelican
Wed 15 July 2015
Loading CIL modules directly
Sat 11 July 2015
Restricting even root access to a folder
Sun 05 July 2015
Intermediate policies
Sat 13 June 2015
Where does CIL play in the SELinux system?
Wed 10 June 2015
Live SELinux userspace ebuilds
Mon 25 May 2015
PostgreSQL with central authentication and authorization
Mon 18 May 2015
Testing with permissive domains
Sun 10 May 2015
Audit buffering and rate limiting
Thu 30 April 2015
Use change management when you are using SELinux to its fullest
Mon 27 April 2015
Moving closer to 2.4 stabilization
Fri 06 March 2015
Trying out Pelican, part one
Sun 15 February 2015
CIL and attributes
Sun 08 February 2015
Have dhcpcd wait before backgrounding
Wed 21 January 2015
Old Gentoo system? Not a problem...
Sat 03 January 2015
SELinux is great for enterprises (but many don't know it yet)
Sat 03 January 2015
Gentoo Wiki is growing
Tue 23 December 2014
Added UEFI instructions to AMD64/x86 handbooks
Fri 12 December 2014
Gentoo Handbooks almost moved to wiki
Wed 10 December 2014
Sometimes I forget how important communication is
Sun 02 November 2014
No more DEPENDs for SELinux policy package dependencies
Fri 31 October 2014
Using multiple priorities with modules
Thu 30 October 2014
Migrating to SELinux userspace 2.4 (small warning for users)
Sun 19 October 2014
Lots of new challenges ahead
Wed 24 September 2014
After SELinux System Administration, now the SELinux Cookbook
Fri 29 August 2014
Gentoo Hardened august meeting
Tue 19 August 2014
Switching to new laptop
Sat 09 August 2014
Some changes under the hood
Fri 01 August 2014
Gentoo Hardened July meeting
Wed 09 July 2014
Segmentation fault when emerging packages after libpcre upgrade?
Wed 02 July 2014
Multilib in Gentoo
Mon 30 June 2014
D-Bus and SELinux
Sun 29 June 2014
D-Bus, quick recap
Sun 22 June 2014
Chroots for SELinux enabled applications
Sun 15 June 2014
Gentoo Hardened, June 2014
Sat 31 May 2014
Visualizing constraints
Mon 12 May 2014
Revamped our SELinux documentation
Fri 09 May 2014
Dropping sesandbox support
Sun 20 April 2014
Stepping through the build process with ebuild
Thu 17 April 2014
If things are weird, check for policy.29
Tue 01 April 2014
What is that net-pf-## thingie?
Mon 31 March 2014
Proof of concept for USE enabled policies
Sun 30 March 2014
Decoding the hex-coded path information in AVC denials
Sun 30 March 2014
Managing Inter-Process Communication (IPC)
Fri 28 March 2014
Querying SELinux policy for boolean information
Thu 27 March 2014
Online hardened meeting of March
Wed 26 March 2014
Fixing the busybox build failure
Tue 25 March 2014
Talk about SELinux on GSE Linux/Security
Mon 24 March 2014
Create your own SELinux Gentoo profile
Sun 16 March 2014
Closing week? No, starting week...
Sun 12 January 2014
Switching context depending on user code-wise
Thu 09 January 2014
Can Gentoo play a role in a RHEL-only environment?
Sun 29 December 2013
Upgrading old Gentoo installations
Thu 26 December 2013
Giving weights to compliance rules
Tue 24 December 2013
Doing a content check with OVAL
Sun 22 December 2013
What is OVAL?
Fri 20 December 2013
December hardened meeting
Fri 20 December 2013
Remediation through SCAP
Wed 18 December 2013
GPT or MBR in the Gentoo Handbook
Wed 18 December 2013
Running a bit with the XCCDF document
Mon 16 December 2013
Updated Linux Sea, now with viewport thingie
Mon 16 December 2013
XCCDF - Documenting a bit more than just descriptions
Sat 14 December 2013
An XCCDF skeleton for PostgreSQL
Thu 12 December 2013
Documenting security best practices - XCCDF introduction
Wed 11 December 2013
Gentoo SELinux policy release script
Wed 11 December 2013
November online hardened meeting
Tue 10 December 2013
Majority of GDP documents moved to Gentoo wiki
Tue 05 November 2013
New SELinux userspace release
Sun 03 November 2013
The mix of libffi with other changes
Thu 24 October 2013
Gentoo Hardened meeting 201310
Sun 20 October 2013
In-browser encryption for online password management
Mon 30 September 2013
A bug please...
Fri 27 September 2013
It has finally arrived: SELinux System Administration
Thu 26 September 2013
Aaaand we're back - hardened monthly meeting
Wed 25 September 2013
Underestimated or underused: Portage (e)logging
Tue 24 September 2013
Creating a poor man central SCAP system
Thu 19 September 2013
Switching gpg key to 0x2EDD52403B68AF47
Mon 16 September 2013
cvechecker 3.3 released
Thu 29 August 2013
Gentoo Hardened progress report
Fri 23 August 2013
Umounting IPv6 NFS(v4) mounts
Fri 23 August 2013
Why our policies don't like emerge --config
Wed 21 August 2013
Network routing based on SELinux?
Fri 16 August 2013
Using CUSTOM_BUILDOPT in refpolicy for USE flag-alike functionality?
Thu 15 August 2013
Today was a productive day
Thu 15 August 2013
Some things sound more scary than they are
Thu 01 August 2013
And now, 31 days later...
Thu 01 August 2013
Putting OVAL at work
Sun 28 July 2013
Moving Gentoo docs to the wiki
Mon 08 July 2013
Rebuilding SELinux contexts with sefcontext_compile
Sun 07 July 2013
Adding mcstrans to Gentoo
Thu 27 June 2013
Hardening is our business... new monthly report ;-)
Sun 09 June 2013
My application base: graphviz
Sat 08 June 2013
My application base: LibreOffice
Fri 07 June 2013
My application base: firefox
Thu 06 June 2013
My application base: bash and kiss tools
Wed 05 June 2013
My application base: geekie
Tue 04 June 2013
My application base: freemind
Mon 03 June 2013
My application base: draw.io
Sun 02 June 2013
Using extended attributes for custom information
Sat 01 June 2013
Hacking java bytecode with dhex
Fri 31 May 2013
A SELinux policy for incron: finishing up
Thu 30 May 2013
A SELinux policy for incron: using booleans
Wed 29 May 2013
A SELinux policy for incron: marking types eligible for watching
Tue 28 May 2013
A SELinux policy for incron: default set
Mon 27 May 2013
A SELinux policy for incron: the incrond daemon
Sun 26 May 2013
A SELinux policy for incron: new types and transitions
Sat 25 May 2013
A SELinux policy for incron: basic set for incrontab
Fri 24 May 2013
A SELinux policy for incron: our first interface
Thu 23 May 2013
A SELinux policy for incron: the basic skeleton
Wed 22 May 2013
A SELinux policy for incron: what does it do?
Tue 21 May 2013
Why oh why does a process run in unlabeled_t?
Mon 20 May 2013
A simple IPv6 setup
Sun 19 May 2013
The weird "audit_access" permission
Sat 18 May 2013
Commandline SELinux policy helper functions
Fri 17 May 2013
Looking at the local Linux kernel privilege escalation
Thu 16 May 2013
Gentoo Hardened spring notes
Thu 16 May 2013
Public support channels: irc
Wed 15 May 2013
Overriding the default SELinux policies
Tue 14 May 2013
Highlevel assessment of Cdorked and Gentoo Hardened/SELinux
Mon 13 May 2013
SECMARK and SELinux
Sun 12 May 2013
Peer labeling in SELinux policy
Sat 11 May 2013
SELinux policy and network controls
Fri 10 May 2013
Gentoo metadata support for CPE
Thu 09 May 2013
Enabling Kernel Samepage Merging (KSM)
Wed 08 May 2013
The Linux ".d" approach
Tue 07 May 2013
Added "predictable network interface" info into the handbook
Mon 06 May 2013
Overview of Linux capabilities, part 3
Sun 05 May 2013
Overview of Linux capabilities, part 2
Sat 04 May 2013
Overview of Linux capabilities, part 1
Fri 03 May 2013
Restricting and granting capabilities
Thu 02 May 2013
Capabilities, a short intro
Wed 01 May 2013
SELinux mount options
Tue 30 April 2013
Qemu-KVM monitor tips and tricks
Mon 29 April 2013
photorec to the rescue
Sun 28 April 2013
Securely handling libffi
Sat 27 April 2013
How logins get their SELinux user context
Fri 26 April 2013
New SELinux userspace release
Thu 25 April 2013
Gentoo protip: using buildpkgonly
Wed 24 April 2013
Using strace to troubleshoot SELinux problems
Tue 23 April 2013
SLOT'ing the old swig-1
Mon 22 April 2013
Mitigating DDoS attacks
Sun 21 April 2013
Introducing selocal for small SELinux policy enhancements
Sat 20 April 2013
Transforming GuideXML to DocBook
Fri 19 April 2013
Comparing performance with sysbench: performance analysis
Fri 19 April 2013
Comparing performance with sysbench: memory, threads and mutexes
Thu 18 April 2013
Another Gentoo Hardened month has passed
Thu 18 April 2013
Comparing performance with sysbench: cpu and fileio
Thu 18 April 2013
Simple drawing for I/O positioning
Tue 16 April 2013
What could SELinux have done to mitigate the postgresql vulnerability?
Thu 11 April 2013
Integrity checking with AIDE
Tue 09 April 2013
Not needing run_init for password-less service management
Tue 09 April 2013
How far reaching vulnerabilities can go
Sun 07 April 2013
Separate puppet provider for Gentoo/SELinux?
Thu 04 April 2013
Matching packages with CVEs
Tue 02 April 2013
Linux Sea and ePub update
Wed 20 March 2013
Fiddling with puppet apply
Mon 18 March 2013
SELinux tutorial series, update
Fri 15 March 2013
SELinux tutorial series
Thu 07 March 2013
Gentoo Hardened progress meeting of march 2013
Mon 25 February 2013
Uploading selinuxnode test VM
Sat 23 February 2013
Working on a new selinuxnode VM
Tue 12 February 2013
Transforming GuideXML to wiki
Thu 07 February 2013
Gentoo Hardened goes onward (aka project meeting)
Mon 31 December 2012
Why would paid-for support be better?
Sat 29 December 2012
IMA and EVM on Gentoo, part 2
Thu 27 December 2012
Gentoo Hardened IMA support
Thu 20 December 2012
Switching policy types in Gentoo/SELinux
Thu 13 December 2012
Another hardened month has passed...
Mon 10 December 2012
Using pam_selinux to switch contexts
Sat 08 December 2012
Using stunnel for mutual authentication
Thu 06 December 2012
nginx as reverse SMTP proxy
Sun 25 November 2012
Why you need the real_* thing with genkernel
Sat 17 November 2012
The hardened project continues going forward...
Sun 11 November 2012
Local policy management script
Sun 14 October 2012
Gentoo Hardened progress meeting
Thu 27 September 2012
git patch apply
Tue 28 August 2012
Perimeter security testing
Sat 25 August 2012
Gentoo Hardened in August
Mon 20 August 2012
Lots of work on supporting swig-2
Tue 14 August 2012
Adding roles to the Gentoo Hardened SELinux policy
Mon 30 July 2012
Kickstarting the Integrity subproject
Thu 26 July 2012
Gentoo Hardened on the move
Sun 22 July 2012
Dynamic transitions in SELinux
Sat 21 July 2012
Hardening the Linux kernel updates
Fri 20 July 2012
Hardening the Linux kernel
Wed 18 July 2012
Hardening OpenSSH
Mon 16 July 2012
Updated Gentoo Hardened/SELinux VM image
Tue 10 July 2012
Gentoo Hardened/SELinux VM image
Fri 29 June 2012
Gentoo Summer of Documentation - Let's do it!
Sun 24 June 2012
Had to edit /etc/init.d/root
Sun 24 June 2012
Overview of SELinux changes
Sat 26 May 2012
Python 3 support for SELinux userland, tests and policy rev 10
Thu 24 May 2012
Catching up, but stuff is piling...
Fri 04 May 2012
Keeping /selinux
Sun 29 April 2012
20120215 policies now stable
Fri 20 April 2012
Linux Sea now in ePub
Sun 15 April 2012
Why both chroot and SELinux?
Sat 14 April 2012
Chrooted BIND for IPv6 with SELinux
Thu 12 April 2012
Documentation updates for initramfs needed?
Sat 07 April 2012
Get your devtmpfs ready
Sun 25 March 2012
More on initramfs and SELinux
Mon 12 March 2012
Hunting fuser
Sun 26 February 2012
Introducing 2.20120215 policies
Fri 24 February 2012
Transitioning to MCS policies
Sun 29 January 2012
This months' stabilization done, more to come
Sun 15 January 2012
Trying out initramfs with selinux and grsec
Sat 31 December 2011
Unix domain sockets are files
Mon 26 December 2011
Gentoo WiKi & Knowledge Base
Fri 23 December 2011
Supporting fix scripts for XCCDF content and maintaining the documents
Mon 19 December 2011
SELinux Gentoo/Hardened state 2011-12-19
Tue 29 November 2011
Supporting CC-BY-SA 3.0
Thu 17 November 2011
SELinux Gentoo/Hardened state 2011-11-17
Wed 16 November 2011
Gentoo Security Benchmark with OVAL and Open-SCAP
Tue 25 October 2011
Centers of Excellence
Sun 23 October 2011
SELinux' 2011/07 releases now stable
Thu 13 October 2011
Gentoo Hardened SELinux policies, rev 5
Thu 13 October 2011
Upgrading GCC, revisited
Wed 05 October 2011
Mitigating risks, part 5 - application firewalls
Sat 24 September 2011
Quickly setup a Gentoo system
Fri 23 September 2011
Power management guide updated
Fri 23 September 2011
Mitigating risks, part 4 - Mandatory Access Control
Sun 18 September 2011
Catching up
Tue 13 September 2011
Mitigating risks, part 3 - hardening
Fri 09 September 2011
Mitigating risks, part 2 - service isolation
Mon 05 September 2011
Mitigating risks, part 1
Sun 04 September 2011
Now using refpolicy 2.20110726
Wed 24 August 2011
Use parted for large partitions
Mon 22 August 2011
Easy documentation updates thanks to the many contributions
Fri 12 August 2011
Ready, set, commit!
Sun 24 July 2011
checksec kernel security
Fri 22 July 2011
emerge-webrsync and gpg verification
Thu 21 July 2011
Preliminary SELinux MCS support in Gentoo Hardened
Fri 15 July 2011
High level explanation on some binary executable security
Thu 14 July 2011
Some people on #selinux are ... dolphins
Thu 14 July 2011
On the new SELinux profiles
Sat 09 July 2011
Gentoo Hardened SELinux state
Mon 13 June 2011
What's next after stabilization?
Wed 01 June 2011
Policy 25, 26
Sun 15 May 2011
SELinux file contexts
Tue 03 May 2011
SELinux Gentoo profile updates
Mon 02 May 2011
SELinux User-Based Access Control
Fri 22 April 2011
SELinux and noatsecure, or why portage complains about LD_PRELOAD and libsandbox.so
Tue 12 April 2011
cvechecker 3.0
Sun 27 March 2011
cvechecker updates
Sat 19 March 2011
Restoring configuration files on Gentoo
Wed 09 March 2011
Updates on SELinux docs, added FAQ
Thu 03 March 2011
Portage fails to build due to SELinux?
Wed 02 March 2011
Updates on the Gentoo Hardened SELinux state
Sun 27 February 2011
Temporary script for Gentoo Hardened SELinux users
Thu 24 February 2011
About time...
Sat 19 February 2011
cvechecker update
Sat 12 February 2011
File System Labels in Linux Sea
Sun 06 February 2011
SELinux for Gentoo Hardened
Fri 21 January 2011
"Gentoo in production?" Oh no, not again...
Sun 16 January 2011
Confining user applications
Thu 30 December 2010
Why I have backups
Wed 01 December 2010
cvechecker 2.0 released
Sat 27 November 2010
Helping with version detection rules in cvechecker
Tue 02 November 2010
Delta processing in cvechecker
Sat 30 October 2010
SELinux enforcing for console activity
Thu 14 October 2010
Risk identification
Fri 01 October 2010
cvechecker 1.0 released
Tue 14 September 2010
SELinux quicky
Sun 12 September 2010
Switching to hardened
Fri 10 September 2010
prezi presentations
Wed 08 September 2010
cvechecker 0.6 released
Sat 04 September 2010
Linux Sea last content chapter
Sat 04 September 2010
devops - how hard can it/it can be
Thu 02 September 2010
Linux Sea: log file management and backups
Thu 02 September 2010
cvechecker 0.5 released
Mon 30 August 2010
qemu monitor cd change
Thu 26 August 2010
Added "iw" support to Linux Sea
Wed 25 August 2010
cvechecker 0.4 released
Wed 25 August 2010
I remain impressed by the free software community
Sun 22 August 2010
cvechecker userguide
Fri 20 August 2010
cvechecker 0.3 released
Mon 16 August 2010
cvechecker 0.2 released
Sat 14 August 2010
cvechecker 0.1 released
Fri 13 August 2010
HP webcam on Linux
Fri 13 August 2010
New laptop, time to play
Fri 23 July 2010
Linux Sea sources online, cvechecker still in development
Mon 12 July 2010
cvechecker in development mode
Sat 05 June 2010
OVAL, SCAP, CVE, CPE, ...
Sat 05 June 2010
Listing files of (not) installed software
Thu 03 June 2010
GSE TWS BeLux 2010
Wed 19 May 2010
Question yourself v3
Tue 11 May 2010
Question yourself v2
Sun 02 May 2010
Question yourself
Thu 22 April 2010
SAI and N-O-SQL
Thu 22 April 2010
A dozen pages added
Tue 16 February 2010
License support in Gentoo
Mon 18 January 2010
Executing, but only when you're home
Fri 11 December 2009
Switching to database architecture
Wed 02 December 2009
Translations to "Linux Sea"
Mon 19 October 2009
Small updates on Linux Sea
Mon 05 October 2009
Online image gallery
Tue 01 September 2009
Added quota information
Mon 10 August 2009
Draft PDF for Linux Sea
Sat 18 April 2009
Darwin Information Typing Architecture
Tue 10 February 2009
Linux Sea is progressing slowly but surely
Thu 18 December 2008
Extremely simple task manager
Thu 25 September 2008
hex2passwd, a password generator
Mon 15 September 2008
Adding exercises and resources
Thu 21 August 2008
Linux Sea - Updates on graphical environment chapter
Mon 18 August 2008
Playing with gqview