|
A question that is often asked is whether to use SE Linux or a chroot to restrict a program.
In Unix chroot is a way of running a program with a restricted set of directories available (it used to be merely a sub-tree but with bind mounts it can be any arbitrary set of directory […]
Recently someone asked on IRC whether they should use SE Linux on a web server machine (that is being used for no other purpose) and then went on to add “since the webserver is installed as root anyway“.
If a machine is used to run a single non-root application then the potential benefits of using […]
Faye and I have created Cafepress stores selling shirts and other things with SE Linux logos, here are the two designs:
Play Machine
SE Linux MLS
There are shirts, coffee mugs, mouse-mats, and other things. The designs feature a graphical representation of MLS security and a variety of text about SE Linux. There […]
I have now got a Debian Xen domU running the strict SE Linux policy that can boot in enforcing mode. I expect that tomorrow I will have it working with full functionality and that I will be able to run another SE Linux Play Machine in the near future.
After getting the strict policy working […]
E-Week has an article about the popular computer hardware review site Tom’s Hardware (tomshardware.com) being hit by a trojan in a banner advert.
From the article it’s not clear whether a criminal paid for a banner advert under a legitimate business name or compromised the advertising server run by an innocent third-party who paid for […]
Frank Mayer of Tresys has written a great article on the techtarget.com site about SE Linux.
It seems mostly aimed at managers and novice users and explains how SE Linux isn’t really that difficult to use but is however a foundation technology that is needed for secure systems.
Check it out!
Related posts:
SE Linux on /. The book SE Linux by Example has been reviewed on…
Trusted Solaris vs SE Linux Karl MacMillan writes an interesting review of a Sun article…
questions regarding SE Linux I just received a question about SE Linux via email….
planet debian, spam, and SE Linux In regard to my post yesterday about Planet Debian I…
OSDC Yesterday I gave a presentation at OSDC in Melbourne about…
Today I gave three talks at my local LUG. The first was my latest SE Linux talk (I’ll put the notes online soon). The second was a talk about voting.
I asked for a show of hands, who has already decided which party they will vote for at the next federal election (about 12 people […]
Sune Vuorela asks about how to secure important data such as GPG keys on laptops.
I believe that the ideal solution involves booting from a USB device with an encrypted root filesystem to make subversion of the machine more difficult (note that physically subverting the machine is still possible – EG through monitoring the keyboard […]
Jeff Waugh wrote an amusing post about SE Linux and GConf support. It’s good to see SE Linux being promoted to the GNOME community.
Related posts:
music for children Adam Rosi-Kessel made an interesting post about They Might Be…
I have just read the Presentation Zen blog post about PowerPoint.
One of the interesting suggestions was that it’s not effective to present the same information twice, so you don’t have notes covering what you say. Having a diagram that gives the same information is effective though because it gives a different way of analyzing […]
|
|