|
I’m setting up a training environment based on Xen. The configuration will probably be of use to some people so I’m including it below the fold. Please let me know if you have any ideas for improvements.
The interface for the user has the following documentation:
sudo -u root xen-manage create centos|debian [permissive] Create an […]
Is Squid not returning some data you need on a SE Linux system?
The default configuration of the SE Linux policy for Squid only allows it to connect to a small number of ports which are used for web servers. For example ports http (80) and https (443) are labelled as http_port_t which permits serves […]
I am running a tutorial and giving a talk about SE Linux at SecureCon 2007 [1].
The tutorial will go for 3 hours on Wednesday the 7th of November and will cover using SE Linux in CentOS 5 and Debian Etch, it will be a hands-on tutorial where every delegate gets ssh access to their […]
After over a year I have finally got a SE Linux Play Machine online again.
The details for logging in are at this link [1]. I’ve created T-shirt and mug designs with the login details too, they are on cafepress.com LINK [2]. For fun wear such a shirt to a conference (or even when shopping […]
I have previously posted about the difference between using a chroot and using SE Linux [1].
Theo de Raadt claims that virtualisation does not provide security benefits [2] based on the idea that the Xen hypervisor may have security related bugs.
From my understanding of Xen a successful exploit of a Xen system with a […]
Above is a picture of a DVD player I saw on sale in Dick Smith Electronics [1] (a chain store that used to sell mostly electronics hobbyist gear but now mostly sells consumer electronics gear). I asked one of the staff why it said “root”, tests revealed that the DVD caused any player to […]
Bruce Schneier summarised a series of articles about banking security [1]. He mentioned the fact that banks don’t seem to care about small losses and would rather just deal with the problem (presumably by increasing their fees to account for losses).
There are some other interesting bits in the article, for example banks are planning […]
deb http://www.coker.com.au etch selinux
The above sources.list line has all the i386 packages needed for running SE Linux with strict policy on Etch as well as a couple of packages that are not strictly needed but which are really convenient (to solve the executable stack issue).
gpg --keyserver hkp://subkeys.pgp.net --recv-key F5C75256 gpg -a --export F5C75256 […]
Danny Angus writes about the potential threat posed by small storage devices with large capacity [1]. His post was prompted by a BBC article about Hitachi’s plans for new hard drives [2], they are aiming for 4TB of data on a single drive by 2011 and a 1TB laptop drive. One thing I noticed about […]
Today was the final day of the AUUG 2007 conference [1].
Yesterday I gave a talk about SE Linux for about an hour (not sure exactly as I forgot to make an MP3). AUUG is well known for having conferences with very technical delegates and I wasn’t expecting an easy audience. At the start of […]
|
|