Simplicity is a form of art...

XCCDF - Documenting a bit more than just descriptions
by Sven Vermeulen, post on Mon 16 December 2013

In my previous post I made a skeleton XCCDF document. With it, we can create a well documented "baseline" (best practice) for our subject (say PostgreSQL). But so far I only talked about <description>, whereas XCCDF allows many other tags as well.

You can add metadata information for a particular …

An XCCDF skeleton for PostgreSQL
by Sven Vermeulen, post on Sat 14 December 2013

In a previous post I wrote about the documentation structure I have in mind for a PostgreSQL security best practice. Considering what XCCDF can give us, the idea is to have the following structure:

Hardening PostgreSQL
+- Basic setup
+- Instance level configuration
|  +- Pre-startup configuration
|  `- PostgreSQL internal configuration
+- Database recommendations
`- User definitions …
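The tree above is what the XCCDF Benchmark element hierarchy looks like once written out, and it also shows where the metadata tags mentioned in the later post (rationale, warning, reference, fixtext, check) sit inside a rule. The following is an added illustration, not the author's own benchmark document: it follows the XCCDF 1.2 schema, and the namespace, the `org.example` identifier prefix, the rule content, the OVAL definition name and the file name `postgresql-oval.xml` are all assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration of an XCCDF 1.2 skeleton following the group tree
     in the post. Namespace, ids, the org.example prefix, the rule text and
     the OVAL reference are assumptions, not the author's actual benchmark. -->
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"
           id="xccdf_org.example_benchmark_postgresql"
           resolved="false" xml:lang="en">
  <status date="2013-12-14">draft</status>
  <title>Hardening PostgreSQL</title>
  <description>Security best practices for a PostgreSQL installation.</description>
  <version>0.1</version>

  <Group id="xccdf_org.example_group_basic-setup">
    <title>Basic setup</title>
    <description>Installation and packaging choices.</description>
  </Group>

  <Group id="xccdf_org.example_group_instance">
    <title>Instance level configuration</title>
    <Group id="xccdf_org.example_group_prestartup">
      <title>Pre-startup configuration</title>
      <!-- A rule carries more than a description. XCCDF 1.2 fixes the
           element order: title, description, warning, reference, rationale,
           then fixtext and the automated check. -->
      <Rule id="xccdf_org.example_rule_pgdata-permissions"
            selected="true" severity="medium" weight="1.0">
        <title>Restrict permissions on the PGDATA directory</title>
        <description>The data directory must only be accessible by the
          postgres user.</description>
        <warning category="general">Changing permissions while the
          instance is running does not affect already open file
          handles.</warning>
        <reference>PostgreSQL manual, server setup chapter (assumed)</reference>
        <rationale>World- or group-readable data files expose every
          database to local users.</rationale>
        <fixtext>Set mode 0700 on the data directory and make sure it is
          owned by the postgres user.</fixtext>
        <!-- The check points at an OVAL definition in a separate file;
             both the file and the definition id are assumed. -->
        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
          <check-content-ref href="postgresql-oval.xml"
                             name="oval:org.example.postgresql:def:1"/>
        </check>
      </Rule>
    </Group>
    <Group id="xccdf_org.example_group_internal">
      <title>PostgreSQL internal configuration</title>
    </Group>
  </Group>

  <Group id="xccdf_org.example_group_database">
    <title>Database recommendations</title>
  </Group>

  <Group id="xccdf_org.example_group_users">
    <title>User definitions</title>
  </Group>
</Benchmark>
```

The 1.2 identifier scheme (`xccdf_<reverse-DNS>_benchmark_<name>`, `..._group_<name>`, `..._rule_<name>`) is mandatory in that schema version; an earlier XCCDF 1.1.4 document would use the `http://checklists.nist.gov/xccdf/1.1` namespace and free-form ids instead.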

Documenting security best practices - XCCDF introduction
by Sven Vermeulen, post on Thu 12 December 2013

When I have some free time, I try to work on a Gentoo Security Benchmark which not only documents security best practices (loosely based on the Gentoo Security Handbook, which hasn't seen many updates in the last few years) but also uses the SCAP protocols. This set of protocols allows …

Gentoo SELinux policy release script
by Sven Vermeulen, post on Wed 11 December 2013

A few months ago, I wrote a small script that aids in the creation of new SELinux policy packages. The script is on the repository itself, in the gentoo/ subdirectory, and is called release-prepare.sh.

The reason for the script is that there are a number of steps to perform …

November online hardened meeting
by Sven Vermeulen, post on Wed 11 December 2013

Later than usual, as I wasn't able to make the meeting myself (thus had to wait for the meeting logs in order to draft up this summary), so here it is. The next meeting is scheduled for next week, btw ;-)

Toolchain

The 4.8.2 ebuild for GCC is available …

Majority of GDP documents moved to Gentoo wiki
by Sven Vermeulen, post on Tue 10 December 2013

The majority of the English Gentoo documents that resided in www.gentoo.org/doc/en have now been moved to the Gentoo Wiki. All those documents have been made available in the main namespace, meaning that non-developers can continue to contribute to those articles and guides, fully in the spirit …

New SELinux userspace release
by Sven Vermeulen, post on Tue 05 November 2013

Within the hour, Gentoo users using the ~arch branch will notice that new versions of the SELinux userspace applications are available. Released on October 30th, they contain many bug fixes sent previously as well as a couple of interesting developments and enhancements (more work on sepolicy, for …

The mix of libffi with other changes
by Sven Vermeulen, post on Sun 03 November 2013

I once again came across libffi. Not only does the libffi approach conflict with SELinux, it also triggers the TPE (Trusted Path Execution) protection in grsecurity. And when I tried to reinstall Portage, Portage seemed to create some sort of runtime environment in a temporary directory as well, and …

Gentoo Hardened meeting 201310
by Sven Vermeulen, post on Thu 24 October 2013

We gathered online again to talk about the progress, changes and other stuff related to the Gentoo Hardened project.

New Developer

We welcomed Zero_Chaos as a new addition to our team. Big welcome, with the usual IRC kick in between, ensued.

Toolchain

GCC 4.8.x is unmasked and …

In-browser encryption for online password management
by Sven Vermeulen, post on Sun 20 October 2013

Lately I've been trying to find a good free software project that uses PHP or cgi-bin (one of the requirements for this particular organization) that allows its users to store passwords centrally, but uses encryption on the browser level before the passwords are sent to the central server. I've found …