Comments on: SE Linux Play Machine and Passwords http://etbe.coker.com.au/2008/04/02/se-linux-play-machine-passwords/ Linux, politics, and other interesting things Sat, 11 Oct 2008 01:56:13 +0000 http://wordpress.org/?v=2.6.2 By: Pavel http://etbe.coker.com.au/2008/04/02/se-linux-play-machine-passwords/#comment-13140 Pavel Tue, 22 Apr 2008 04:35:54 +0000 http://etbe.coker.com.au/?p=553#comment-13140 Russell, A more generic Debian safety/security question, especially after you've mentioned incident with "restorecon": Is in Debian any way of keeping records of all local per machine customisations of security policies (SELinux or other like regular file permissions), regulary verifying them and fixing/sending reports when found different? For instance, I have a some limited rights (made via file group permissions) on my general-purpose-machine for all kind of active browser content (flash etc), but they are gone every time I'm updating the software. Would it be right to configure SELinux for it or it is still better to make a virtual machine with all browsers? Thanks, Pavel. Russell,
A more generic Debian safety/security question, especially after you’ve mentioned incident with “restorecon”:

Is in Debian any way of keeping records of all local per machine customisations of security policies (SELinux or other like regular file permissions), regulary verifying them and fixing/sending reports when found different?

For instance, I have a some limited rights (made via file group permissions) on my general-purpose-machine for all kind of active browser content (flash etc), but they are gone every time I’m updating the software.

Would it be right to configure SELinux for it or it is still better to make a virtual machine with all browsers?

Thanks, Pavel.

]]> By: etbe http://etbe.coker.com.au/2008/04/02/se-linux-play-machine-passwords/#comment-12774 etbe Wed, 02 Apr 2008 09:29:38 +0000 http://etbe.coker.com.au/?p=553#comment-12774 Daniel: Strange, there is no reason why it shouldn't have worked. At the minimum you prevented me from doing a password based login to my own account which counts as breaking the security goals of the box. Thanks for the comment on this blog post and the comment in the thanks.txt file. In future I would appreciate it if you could send me your email address in a suitable location (such as thanks.txt) so we could discuss them before I write a post about them. Or of course an email would do (my address is well publicised). Daniel: Strange, there is no reason why it shouldn’t have worked. At the minimum you prevented me from doing a password based login to my own account which counts as breaking the security goals of the box.

Thanks for the comment on this blog post and the comment in the thanks.txt file.

In future I would appreciate it if you could send me your email address in a suitable location (such as thanks.txt) so we could discuss them before I write a post about them. Or of course an email would do (my address is well publicised).

]]> By: Daniel http://etbe.coker.com.au/2008/04/02/se-linux-play-machine-passwords/#comment-12769 Daniel Wed, 02 Apr 2008 07:13:09 +0000 http://etbe.coker.com.au/?p=553#comment-12769 that's me, actually. after i changed the password, i have tried to login with your account. but it didn't work. either i have entered a bad password, or you have other security measure in place. that’s me, actually.
after i changed the password, i have tried to login with your account. but it didn’t work.

either i have entered a bad password, or you have other security measure in place.

]]>