Archives

Categories

SE Linux vs chroot

A question that is often asked is whether to use SE Linux or a chroot to restrict a program.

In Unix chroot is a way of running a program with a restricted set of directories available (it used to be merely a sub-tree but with bind mounts it can be any arbitrary set of directory […]

When to Use SE Linux

Recently someone asked on IRC whether they should use SE Linux on a web server machine (that is being used for no other purpose) and then went on to add “since the webserver is installed as root anyway“.

If a machine is used to run a single non-root application then the potential benefits of using […]

SE Linux shirts for sale!

Faye and I have created Cafepress stores selling shirts and other things with SE Linux logos, here are the two designs:

Play Machine

SE Linux MLS

There are shirts, coffee mugs, mouse-mats, and other things. The designs feature a graphical representation of MLS security and a variety of text about SE Linux. There […]

SE Linux in Debian

I have now got a Debian Xen domU running the strict SE Linux policy that can boot in enforcing mode. I expect that tomorrow I will have it working with full functionality and that I will be able to run another SE Linux Play Machine in the near future.

After getting the strict policy working […]

Tom’s Hardware falls victim to a trojan

E-Week has an article about the popular computer hardware review site Tom’s Hardware (tomshardware.com) being hit by a trojan in a banner advert.

From the article it’s not clear whether a criminal paid for a banner advert under a legitimate business name or compromised the advertising server run by an innocent third-party who paid for […]

Five ways SE Linux may surprise you

Frank Mayer of Tresys has written a great article on the techtarget.com site about SE Linux.

It seems mostly aimed at managers and novice users and explains how SE Linux isn’t really that difficult to use but is however a foundation technology that is needed for secure systems.

Check it out!

Related posts:

SE Linux on /. The book SE Linux by Example has been reviewed on…
Trusted Solaris vs SE Linux Karl MacMillan writes an interesting review of a Sun article…
questions regarding SE Linux I just received a question about SE Linux via email….
planet debian, spam, and SE Linux In regard to my post yesterday about Planet Debian I…
OSDC Yesterday I gave a presentation at OSDC in Melbourne about…

LUG talks today

Today I gave three talks at my local LUG. The first was my latest SE Linux talk (I’ll put the notes online soon). The second was a talk about voting.

I asked for a show of hands, who has already decided which party they will vote for at the next federal election (about 12 people […]

booting from USB for security

Sune Vuorela asks about how to secure important data such as GPG keys on laptops.

I believe that the ideal solution involves booting from a USB device with an encrypted root filesystem to make subversion of the machine more difficult (note that physically subverting the machine is still possible – EG through monitoring the keyboard […]

Spooks and GConf

Jeff Waugh wrote an amusing post about SE Linux and GConf support. It’s good to see SE Linux being promoted to the GNOME community.

Related posts:

music for children Adam Rosi-Kessel made an interesting post about They Might Be…

presentations about SE Linux

I have just read the Presentation Zen blog post about PowerPoint.

One of the interesting suggestions was that it’s not effective to present the same information twice, so you don’t have notes covering what you say. Having a diagram that gives the same information is effective though because it gives a different way of analyzing […]