About time...
by Sven Vermeulen, post on Thu 24 February 2011I was just wondering why "UTC" stood for "Coordinated Universal Time". Apparently (okay, citing Wikipedia here, so be critical), it's of two main reasons: English and French speaking folks that were participating in that discussion wanted their language to be presented in the abbreviation (English wants "CUT - Coordinated Universal Time …
cvechecker update
by Sven Vermeulen, post on Sat 19 February 2011A while ago, I got the request to enhance cvechecker with support for providing a list of installed software (or software you want to watch over with cvechecker) even if cvechecker isn't able to detect that software on your system. I've implemented this and it is currently available in the …
File System Labels in Linux Sea
by Sven Vermeulen, post on Sat 12 February 2011I have added some information on file system labels in Linux Sea (PDF). If you don't know what labels are (or UUIDs), here is a quick summary.
Most, if not all file systems, assign a universally unique identifier (UUID) which looks like a random hexadecimal string to each file system …
SELinux for Gentoo Hardened
by Sven Vermeulen, post on Sun 06 February 2011Recently, most of the SELinux-related ebuilds from the hardened overlay have been moved to the official Portage tree. Hopefully, this will trigger more people / organizations to try Gentoo Hardened with SELinux and help us improve the ebuilds. They're still marked as \~arch (as they should be). The draft SELinux handbook …
"Gentoo in production?" Oh no, not again...
by Sven Vermeulen, post on Fri 21 January 2011I think it is that time of the year again, where people get some crazy ideas. Again I discussed the what must be the gazillion-th time I've been asked "Do you think Gentoo is ripe for use in production?". Honestly, I always tell myself to ignore those discussions but I've …
Confining user applications
by Sven Vermeulen, post on Sun 16 January 2011Ever since I started using SELinux, I'm getting more and more fond of what it can do for (security) administrators. Lately, I've started confining user applications (like skype) in the idea that I do not want any application connecting to the Internet or working with content received from untrusted sources …
Why I have backups
by Sven Vermeulen, post on Thu 30 December 2010You often read stories about people who have data loss and did not keep any (recent) backups, and are now fully equipped with a state-of-the-art backup mechanism. So no - no such failure story here but an example why backups are important.
Yesterday I had a vicious RAID/LVM failure. Due …
cvechecker 2.0 released
by Sven Vermeulen, post on Wed 01 December 2010Okay, enough play - time for a new release. Since cvechecker 1.0 was released, a few important changes have been made to the cvechecker tools:
- You can now tell cvechecker to only check newly added files, or remove a set of files from its internal database. Previously, you had to …
Helping with version detection rules in cvechecker
by Sven Vermeulen, post on Sat 27 November 2010The new development snapshot, available from the cvechecker project site, contains a helper script that returns potential version detection rules for your system if the current cvechecker database doesn't detect your software. The script is currently available for Gentoo (called cverules_gentoo) but other distributions can be easily added. The actual …
Delta processing in cvechecker
by Sven Vermeulen, post on Tue 02 November 2010The cvechecker application will support delta file processing as well as higher version matching with its next release. The functionality is currently in version control and I still have to work out quite a few things before they can go live, but the functionality is there.
Now why would these …