Simplicity is a form of art...

A bug please...
by Sven Vermeulen, post on Mon 30 September 2013

I know contacting me (or other developers) through IRC is often fast, but having a bug report on our bugzilla is very important to me and other developers. Allow me to explain a bit why.

First of all, IRC is ephemeral. If we are not immediately on IRC noticing it …

It has finally arrived: SELinux System Administration
by Sven Vermeulen, post on Fri 27 September 2013

Almost everyone has it - either physical or in their heads: a list of things you want to do or achieve before you... well, stop existing. Mine still has numerous things on it (I should get on it, I know) but one of the items on that list has recently been …

Aaaand we're back - hardened monthly meeting
by Sven Vermeulen, post on Thu 26 September 2013

It almost feels like we had our monthly online meeting just a week ago. Below a small write-up of the highlights. If you want to know the gory details, just wait a few hours/days until the IRC logs are sent out ;-) Now remember, the project does more than what …

Underestimated or underused: Portage (e)logging
by Sven Vermeulen, post on Wed 25 September 2013

Within 30 minutes of each other, two people on the #gentoo channel asked if Portage kept logs of the messages displayed during the build and installation of a package. Of course, the answer is a sounding "yes" - and depending on your needs, you can even save more of the logging …

Creating a poor man central SCAP system
by Sven Vermeulen, post on Tue 24 September 2013

A few weeks ago, I was asked to give some explanation about how SCAP content can be used in companies to improve their infrastructure knowledge. The focus back then was to look at benchmarks (secure states) and violations, but other functionality should not be ignored. I'm not going to talk …

Switching gpg key to 0x2EDD52403B68AF47
by Sven Vermeulen, post on Thu 19 September 2013

I recently switched my GnuPG key. The previous key - which is still in place for now (no revocation send out yet) - was 0x5DFAB3ECCDBA2FDB and was a 1024 bit DSA key. The new one, 0x2EDD52403B68AF47, is a 4096 bit RSA key. It also has the following preferences:

gpg> showpref
[ultimate] (1 …

cvechecker 3.3 released
by Sven Vermeulen, post on Mon 16 September 2013

I just uploaded a new release of cvechecker to the project files. The release is a (long overdue) bugfix release, but includes two small enhancements: support standard input for the binary list (so you can pipe the output of one command to cvechecker) and the introduction of the CVECHECKER_CONFFILE …

Gentoo Hardened progress report
by Sven Vermeulen, post on Thu 29 August 2013

Today, we had our monthly online meeting to discuss the progress amongst the various Gentoo Hardened projects. As usual, here is a small write-up.

Lead election

As every year, we also reviewed the current project leads. No surprises here, everybody is happy with the current leads so they are re-elected …

Umounting IPv6 NFS(v4) mounts
by Sven Vermeulen, post on Fri 23 August 2013

I had issues umounting my NFSv4 shares on an IPv6-only network. When trying to umount the share, it said that it couldn't find the mount in /proc/mounts:

~# umount /mnt/nfs/portage
/mnt/nfs/portage was not found in /proc/mounts

The solution: copy /proc/mounts to /etc/mtab, and …

Why our policies don't like emerge --config
by Sven Vermeulen, post on Fri 23 August 2013

One of the features that Portage provides is to have post-processing done on request of the administrator for certain packages. For instance, for the dev-db/postgresql-server package we can call its pkg_config() phase to create the PostgreSQL instance and configure it so that the configuration of the database is …