Creating a SE Linux Chroot environmentCreating a SE Linux Chroot environment
Why use a Chroot environment? A large part of the use of chroot environments is for the purpose of security, it used to be the only way of isolating a[...]
Category: Security
SE Linux status in Debian/SqueezeSE Linux status in Debian/Squeeze
ffmpeg I’ve updated my SE Linux repository for Squeeze to include a modified version of the ffmpeg packages without MMX support for the i386 architecture. When MMX support is enabled[...]
SE Linux audit2allow -R and Milter policySE Linux audit2allow -R and Milter policy
Since the earliest days there has been a command named audit2allow that takes audit messages of operations that SE Linux denied and produces policy that will permit those operations. A[...]
Tracking down Write/Execute mmap() calls with LD_PRELOADTracking down Write/Execute mmap() calls with LD_PRELOAD
One of the access controls in SE Linux is for execmem – which is used to stop processes from creating memory regions that are writable and executable (as they make[...]
Play Machine Online Again with Xen 4.0Play Machine Online Again with Xen 4.0
My SE Linux Play Machine [1] has been offline for almost a month (it went offline late May 30 and has just gone online again). It’s the sort of downtime[...]
New SE Linux Policy for SqueezeNew SE Linux Policy for Squeeze
I have just uploaded refpolicy version 0.2.20100524-1 to Unstable. This policy is not well tested (a SE Linux policy package ending in “-1” is not something that tends to work[...]
Can you run SE Linux on a Xen Guest?Can you run SE Linux on a Xen Guest?
I was asked “Can you run SELinux on a XEN guest without any problem?“. In a generic sense the answer is of course YES, Xen allows you to run Linux[...]
Should Passwords Expire?Should Passwords Expire?
It’s widely regarded that passwords should be changed regularly. The Australian government declared last week the “National Cyber Security Awareness Week” [1] and has published a list of tips for[...]
Defense in Depth and SudoDefense in Depth and Sudo
My blog post about logging in as root and whether sudo provides any benefit [1] got some interest on Redit. In the Reddit comments on my post [2] there are[...]
Logging Shell CommandsLogging Shell Commands
In response to my previous post about logging in directly as root [1] it was suggested that using sudo is the only way to log the commands that are entered[...]