Play Machine Online Again with Xen 4.0Play Machine Online Again with Xen 4.0
My SE Linux Play Machine [1] has been offline for almost a month (it went offline late May 30 and has just gone online again). It’s the sort of downtime[...]
Category: Security
New SE Linux Policy for SqueezeNew SE Linux Policy for Squeeze
I have just uploaded refpolicy version 0.2.20100524-1 to Unstable. This policy is not well tested (a SE Linux policy package ending in “-1” is not something that tends to work[...]
Can you run SE Linux on a Xen Guest?Can you run SE Linux on a Xen Guest?
I was asked “Can you run SELinux on a XEN guest without any problem?“. In a generic sense the answer is of course YES, Xen allows you to run Linux[...]
Should Passwords Expire?Should Passwords Expire?
It’s widely regarded that passwords should be changed regularly. The Australian government declared last week the “National Cyber Security Awareness Week” [1] and has published a list of tips for[...]
Defense in Depth and SudoDefense in Depth and Sudo
My blog post about logging in as root and whether sudo provides any benefit [1] got some interest on Redit. In the Reddit comments on my post [2] there are[...]
Logging Shell CommandsLogging Shell Commands
In response to my previous post about logging in directly as root [1] it was suggested that using sudo is the only way to log the commands that are entered[...]
Securely Killing ProcessesSecurely Killing Processes
Joey Hess wrote on Debian-devel about the problem of init scripts not doing adequate checks before using the data from a PID file under /var/run to determine which process to[...]
Can SE Linux Implement Traditional Unix Users and Groups?Can SE Linux Implement Traditional Unix Users and Groups?
I was asked by email whether SE Linux could implement traditional Unix users and groups. The Strictly Literal Answer to that Question The core of the SE Linux access control[...]
Logging in as RootLogging in as Root
Martin Meredith wrote a blog post about logging in as root and the people who so strongly advocate against it [1]. The question is whether you should ssh directly to[...]
UBAC and SE Linux in DebianUBAC and SE Linux in Debian
A recent development in SE Linux policy is the concept of UBAC (User Based Access Control) which prevents SE Linux users (identitied) from accessing each other’s files. SE Linux user[...]