Simplicity is a form of art...

Why you need the real_* thing with genkernel
by Sven Vermeulen, post on Sun 25 November 2012

Today it bit me. I rebooted my workstation, and all hell broke loose. Well, actually, it froze. Literally, if you consider my root file system. When the system tried to remount the root file system read-write, it gave me this:

mount: / not mounted or bad option

So I did the …

The hardened project continues going forward...
by Sven Vermeulen, post on Sat 17 November 2012

This Wednesday, the Gentoo Hardened team held its monthly online meeting, discussing the things that have been done over the last few weeks and the ideas that are being worked out for the next. As I did with the last few meetings, allow me to summarize it for all interested parties …

Local policy management script
by Sven Vermeulen, post on Sun 11 November 2012

I've written a small script that I call selocal which manages locally needed SELinux rules. It allows me to add or remove SELinux rules from the command line and have them loaded up without needing to edit a .te file and building the .pp file manually. If you are interested …

Gentoo Hardened progress meeting
by Sven Vermeulen, post on Sun 14 October 2012

Not that long ago we had our monthly Gentoo Hardened project meeting (on October 3rd to be exact). At these meetings, we discuss the progress of the project since the last meeting.

For our toolchain domain, Zorry reported that the PIE patchset is updated for GCC, fixing bug #436924. Blueness …

git patch apply
by Sven Vermeulen, post on Thu 27 September 2012

I recently had to merge the changes made to an upstream project with a local repository. I took out the changes as patches through git format-patch (as the local repository isn't a clone of the remote one so I couldn't just create a branch and merge) and hoped to apply …

Perimeter security testing
by Sven Vermeulen, post on Tue 28 August 2012

I've been asked a few times how I would do perimeter security testing. Personally, I'm not an offensive security guy, more a defensive one, meaning I'm more about security-related defensive methods rather than PEN testing of any kind. But still, even in a defensive position, having a "view" on how …

Gentoo Hardened in August
by Sven Vermeulen, post on Sat 25 August 2012

Last Wednesday Gentoo Hardened held its monthly online meeting to discuss the progress of the various subprojects, reconfirm the current project leads, talk about potential new projects and discuss some bugs that were getting on our nerves...

For the project leads, all current leads were reconfirmed: Zorry will keep tight …

Lots of work on supporting swig-2
by Sven Vermeulen, post on Mon 20 August 2012

The SELinux setools package provides a few of the commands I used the most when working with SELinux: sesearch for looking through the policy and seinfo to get information on type/attribute/role/... from the currently loaded policy.

This package uses swig, the Simplified (sic) Wrapper and Interface Generator to …

Adding roles to the Gentoo Hardened SELinux policy
by Sven Vermeulen, post on Tue 14 August 2012

I wrote a small section on how to create additional roles to the SELinux policy offered by Gentoo Hardened. Whereas the default policy that we provide only offers a few basic roles, any policy administrator can provide additional roles for the system.

By using additional roles, you can grant users …

Kickstarting the Integrity subproject
by Sven Vermeulen, post on Mon 30 July 2012

Now that Gentoo Hardened has its integrity subproject, I started with writing down the concepts (draft - will move to the project site when finished!) used within the subproject: what is integrity, how does trust fit into this, what kind of technologies will we look at, etc. I'm hoping that this …