GPT or MBR in the Gentoo Handbook
by Sven Vermeulen, post on Wed 18 December 2013
I just committed a set of changes against the Gentoo Handbook (x86 and amd64) with the intent to have better instructions on GPT (GUID Partition Table) layout versus MBR (Master Boot Record) or MSDOS-style layout.
The part on "Preparing the Disks" saw the most changes. It starts with explaining the …
Running a bit with the XCCDF document
by Sven Vermeulen, post on Wed 18 December 2013
In my previous post I introduced automated checking of rules through SCE (Script Check Engine). Let's focus a bit more now on running with an XCCDF document: how to automatically check the system, read the results and find more information of those results.
To provide a usable example, you can …
Updated Linux Sea, now with viewport thingie
by Sven Vermeulen, post on Mon 16 December 2013
I just pushed out an update to Linux Sea (an online resource to introduce you to Linux, using Gentoo Linux as an example), including its PDF and ePub versions. The changes are pretty small (see its ChangeLog).
Together with the update, it now also includes a <meta name="viewport"...> so …
XCCDF - Documenting a bit more than just descriptions
by Sven Vermeulen, post on Mon 16 December 2013
In my previous post I made a skeleton XCCDF document. By now, we can create a well documented "baseline" (best practice) for our subject (say PostgreSQL). But for now I only talked about <description> whereas XCCDF allows many other tags as well.
You can add metadata information for a particular …
An XCCDF skeleton for PostgreSQL
by Sven Vermeulen, post on Sat 14 December 2013
In a previous post I wrote about the documentation structure I have in mind for a PostgreSQL security best practice. Considering what XCCDF can give us, the idea is to have the following structure:
Hardening PostgreSQL
+- Basic setup
+- Instance level configuration
| +- Pre-startup configuration
| `- PostgreSQL internal configuration
+- Database recommendations
`- User definitions …
Documenting security best practices - XCCDF introduction
by Sven Vermeulen, post on Thu 12 December 2013
When I have some free time, I try to work on a Gentoo Security Benchmark which not only documents security best practices (loosely based on the Gentoo Security Handbook which hasn't seen much updates in the last few years) but also uses the SCAP protocols. This set of protocols allows …
Gentoo SELinux policy release script
by Sven Vermeulen, post on Wed 11 December 2013
A few months ago, I wrote a small script that aids in the creation of new SELinux policy packages. The script is on the repository itself, in the gentoo/ subdirectory, and is called release-prepare.sh.
The reason for the script is that there are a number of steps to perform …
November online hardened meeting
by Sven Vermeulen, post on Wed 11 December 2013
Later than usual, as I wasn't able to make the meeting myself (thus had to wait for the meeting logs in order to draft up this summary), so here it is. The next meeting is scheduled for next week, btw ;-)
Toolchain
The 4.8.2 ebuild for GCC is available …
Majority of GDP documents moved to Gentoo wiki
by Sven Vermeulen, post on Tue 10 December 2013
The majority of the English gentoo documents that resided in www.gentoo.org/doc/en have now been moved to the Gentoo Wiki. All those documents have been made available in the main namespace, meaning that non-developers can continue to contribute on those articles and guides, fully in the spirit …
New SELinux userspace release
by Sven Vermeulen, post on Tue 05 November 2013
Between now and an hour, Gentoo users using the ~arch branch will notice that new versions of the SELinux userspace applications are now available. Released on October 30th, they contain many bug fixes sent previously as well as a couple of interesting developments and enhancements (more work on sepolicy, for …