Why you need the real_* thing with genkernel
by Sven Vermeulen, post on Sun 25 November 2012Today it bit me. I rebooted my workstation, and all hell broke loose. Well, actually, it froze. Literally, if you consider my root file system. When the system tried to remount the root file system read-write, it gave me this:
mount: / not mounted or bad option
So I did the …
The hardened project continues going forward...
by Sven Vermeulen, post on Sat 17 November 2012This wednesday, the Gentoo Hardened team held its monthly online meeting, discussing the things that have been done the last few weeks and the ideas that are being worked out for the next. As I did with the last few meetings, allow me to summarize it for all interested parties …
Gentoo Hardened progress meeting
by Sven Vermeulen, post on Sun 14 October 2012Not that long ago we had our monthly Gentoo Hardened project meeting (on October 3rd to be exact). On these meetings, we discuss the progress of the project since the last meeting.
For our toolchain domain, Zorry reported that the PIE patchset is updated for GCC, fixing bug #436924. Blueness …
Gentoo Hardened in August
by Sven Vermeulen, post on Sat 25 August 2012Last wednesday Gentoo Hardened held its monthly online meeting to discuss the progress of the various subprojects, reconfirm the current project leads, talk about potential new projects and discuss some bugs that were getting on our nerves...
For the project leads, all current leads were reconfirmed: Zorry will keep tight …
Adding roles to the Gentoo Hardened SELinux policy
by Sven Vermeulen, post on Tue 14 August 2012I wrote a small section on how to create additional roles to the SELinux policy offered by Gentoo Hardened. Whereas the default policy that we provide only offers a few basic roles, any policy administrator can provide additional roles for the system.
By using additional roles, you can grant users …
Kickstarting the Integrity subproject
by Sven Vermeulen, post on Mon 30 July 2012Now that Gentoo Hardened has its integrity subproject, I started with writing down the concepts (draft - will move to the project site when finished!) used within the subproject: what is integrity, how does trust fit into this, what kind of technologies will we look at, etc. I'm hoping that this …
Gentoo Hardened on the move
by Sven Vermeulen, post on Thu 26 July 2012Gentoo Hardened is thriving and going forward. For those that don't exactly know what Gentoo Hardened is - it is a Gentoo project dedicated to bring Gentoo in a shape ready for highly secure, high stability production server environments. This is what we live by, and why we do what we …
Updated Gentoo Hardened/SELinux VM image
by Sven Vermeulen, post on Mon 16 July 2012I have updated the Gentoo Hardened/SELinux VM image, available on the
mirrors under experimental/amd64/qemu-selinux
.
The new image now asks for the keyboard layout, has a short DHCP timeout value (5 seconds) and provides the nano editor. If you plan on running the image using qemu, please use …
Gentoo Hardened/SELinux VM image
by Sven Vermeulen, post on Tue 10 July 2012A few weeks ago, I pushed out a VM image (Qemu QCOW2 format) to the
/experimental/amd64/qemu-selinux/
location in our mirrors. This VM
image (which is about 1.6 Gib large decompressed) provides a
SELinux-enabled, Gentoo Hardened (with PaX and other grSecurity security
settings) base installation. Thanks to the …
Gentoo Summer of Documentation - Let's do it!
by Sven Vermeulen, post on Fri 29 June 2012The Gentoo Wiki folks have started a great idea (and immediately set a nice milestone), namely the Gentoo Wiki Summer of Documentation. By september, they want to double the amount of articles on the wiki.
I'll surely help out and participate where I can, and perhaps we can even go …