Upgrading SE Linux PolicyUpgrading SE Linux Policy
When I first packaged the SE Linux policy for Debian the only way to adjust the policy was to edit the source files and recompile. Often changes that you might[...]
Category: Security
Postfix and chrootPostfix and chroot
I have written a script named postfix-nochroot to disable the chroot functionality of Postfix. I plan to initially include this in the selinux-basics package in Debian, but if the script[...]
selinux-activateselinux-activate
I have written a script for Debian named selinux-activate which is included in selinux-basics version 0.3.3+nmu1 (which I have uploaded to Debian/Unstable). The script when run with no parameters will[...]
Installing SE Linux on LennyInstalling SE Linux on Lenny
Currently Debian/Lenny contains all packages needed to run SE Linux apart from the policy. The policy package is missing because it needs to sit in unstable for a while before[...]
SE Linux in Lenny StatusSE Linux in Lenny Status
SE Linux is almost ready to use in Lenny. Currently I am waiting on the packages libsepol1 version 2.0.30-2, policycoreutils 2.0.49-3, and selinux-policy-default version 0.0.20080702-4 to make their way to[...]
Biba and BLP for Network ServicesBiba and BLP for Network Services
Michael Janke has written an interesting article about data flows in networks [1], he describes how data from the Internet should be considered to have low integrity (he refers to[...]
SE Linux Policy LoadingSE Linux Policy Loading
One of the most significant tasks performed by a SE Linux system is loading the “policy“. The policy is the set of rules which determine what actions are permitted by[...]
New SE Linux Policy for LennyNew SE Linux Policy for Lenny
I have just uploaded new SE Linux policy packages for Debian/Unstable which will go into Lenny (provided that the FTP masters approve the new packages in time). The big change[...]
Is a GPG pass-phrase Useful?Is a GPG pass-phrase Useful?
Does a GPG pass-phrase provide a real benefit to the majority of users? It seems that there will be the following categories of attack which result in stealing the secret-key[...]
Kernel Security vs UptimeKernel Security vs Uptime
For best system security you want to apply kernel security patches ASAP. For an attacker gaining root access to a machine is often a two step process, the first step[...]