SE Linux Support in GPGSE Linux Support in GPG
In May 2002 I had an idea for securing access to GNUPG [1]. What I did was to write SE Linux policy to only permit the gpg program to access[...]
Category: Security
IPSEC is PainIPSEC is Pain
I’ve been trying to get ipsec to work correctly as a basic VPN between two CentOS 5 systems. I set up the ipsec devices according to the IPSEC section of[...]
Security Flaws in Free SoftwareSecurity Flaws in Free Software
I just wrote about the system administration issues related to the recent Debian SSL/SSH security flaw [1]. The next thing we need to consider is how we can change things[...]
Debian SSH ProblemsDebian SSH Problems
It has recently been announced that Debian had a serious bug in the OpenSSL code [1], the most visible affect of this is compromising SSH keys – but it can[...]
Trust and My SE Linux Play MachineTrust and My SE Linux Play Machine
When discussing the machine there are two common comments I get. One is a suggestion that I am putting myself at risk, I think that the risk of visiting[...]
SE Linux Play Machine and PasswordsSE Linux Play Machine and Passwords
My SE Linux Play Machine has been online again since the 18th of March. On Monday the 11th of Feb I took it offline after a user managed to change the[...]
SE Linux Etch Repository for AMD64SE Linux Etch Repository for AMD64
My Etch back-port repository of SE Linux related packages (which I documented in a previous post) now has a complete set of packages for AMD64. From now on I[...]
Debian SE Linux StatusDebian SE Linux Status
At the moment I’ve got more time to work on these things than I have had for a while. I’ve got Etch support going quite well (see my post about[...]
Chilled Memory AttacksChilled Memory Attacks
In 1996 Peter Gutmann wrote a paper titled “Secure Deletion of Data from Magnetic and Solid-State Memory” [1]. In that paper he mentions the fact that the contents of RAM[...]
Oracle Unbreakable LinuxOracle Unbreakable Linux
Matt Bottrell writes about the Oracle Linux offerings presented at LCA 2008 [1] The one thing that Oracle does which I really object to is the “unbreakable” part of their[...]