Underestimated or underused: Portage (e)logging
by Sven Vermeulen, post on Wed 25 September 2013Within 30 minutes of each other, two people on the #gentoo channel
asked if Portage kept logs of the messages displayed during the build
and installation of a package. Of course, the answer is a sounding "yes"
- and depending on your needs, you can even save more of the logging …
Gentoo Hardened progress report
by Sven Vermeulen, post on Thu 29 August 2013Today, we had our monthly online meeting to discuss the progress amongst the various Gentoo Hardened projects. As usual, here is a small write-up.
Lead election
As every year, we also reviewed the current project leads. No surprises here, everybody is happy with the current leads so they are re-elected …
Why our policies don't like emerge --config
by Sven Vermeulen, post on Fri 23 August 2013One of the features that Portage provides is to have post-processing
done on request of the administrator for certain packages. For instance,
for the dev-db/postgresql-server package we can call its
pkg_config() phase to create the PostgreSQL instance and configure it
so that the configuration of the database is stored …
Using CUSTOM_BUILDOPT in refpolicy for USE flag-alike functionality?
by Sven Vermeulen, post on Fri 16 August 2013As you are probably aware, Gentoo uses the reference
policy as its base for
SELinux policies. Yes, we do customize it and not everything is already
pushed upstream (for instance, our approach to use xdg_*_home_t
customizable types to further restrict user application access has been
sent up for comments …
And now, 31 days later...
by Sven Vermeulen, post on Thu 01 August 2013... the Gentoo Hardened team had its monthly online meeting again ;-)
On the agenda were the usual suspects, such as the toolchain. In this
category, Zorry mentioned that he has a fix for GCC 4.8.1 for the
hardenedno* and vanilla gcc-config options which will be added to
the tree …
Moving Gentoo docs to the wiki
by Sven Vermeulen, post on Sun 28 July 2013Slowly but surely Gentoo documentation guides are being moved to the Gentoo Wiki. Thanks to the translation support provided by the infrastructure, all "reasons" not to go forward with this have been resolved. At first, I'm focusing on documentation with open bugs that have not been picked up (usually due …
Hardening is our business... new monthly report ;-)
by Sven Vermeulen, post on Thu 27 June 2013We're back with another report on the Gentoo Hardened project. Please excuse my brevity, as you've noticed I'm not that active (yet) due to work on an external project - I'll be back mid-July though. I promise.
On the Toolchain side, GCC 4.8.1 is in the tree and has …
Gentoo Hardened spring notes
by Sven Vermeulen, post on Thu 16 May 2013We got back together on the #gentoo-hardened chat channel to discuss
the progress of Gentoo
Hardened, so it's time for
another write-up of what was said.
Toolchain
GCC 4.8.1 will be out soon, although nothing major has occurred with it since the last meeting. There is a plugin …
Overriding the default SELinux policies
by Sven Vermeulen, post on Wed 15 May 2013Extending SELinux policies with additional rules is easy. As SELinux uses a deny by default approach, all you need to do is to create a policy module that contains the additional (allow) rules, load that and you're all set. But what if you want to remove some rules?
Well, sadly …
Highlevel assessment of Cdorked and Gentoo Hardened/SELinux
by Sven Vermeulen, post on Tue 14 May 2013With all the reports surrounding Cdorked, I took a look at if SELinux and/or other Gentoo Hardened technologies could reduce the likelihood that this infection occurs on your system.
First of all, we don't know yet how the malware gets installed on the server. We do know that the …