Archives

Categories

SecureCon Lecture

On Thursday at Secure Con [1] I gave a lecture about SE Linux that went according to plan, and they gave me a nice bottle of Penfolds Shiraz afterwards (thanks to the sponsors).

During my lecture I announced my plan to run the hands-on training session over the net. The idea is that the Debian […]

SecureCon Tutorial

My SecureCon tutorial went quite badly today. After having network problems and having both the Xen servers crash for no apparent reason I had to give up and give an impromptu lecture.

The original plan had been to use two Xen servers which each had 15 instances and have the delegates go through a training […]

Xen for Training

I’m setting up a training environment based on Xen. The configuration will probably be of use to some people so I’m including it below the fold. Please let me know if you have any ideas for improvements.

The interface for the user has the following documentation:

sudo -u root xen-manage create centos|debian [permissive] Create an […]

Squid and SE Linux

Is Squid not returning some data you need on a SE Linux system?

The default configuration of the SE Linux policy for Squid only allows it to connect to a small number of ports which are used for web servers. For example ports http (80) and https (443) are labelled as http_port_t which permits serves […]

SecureCon 2007

I am running a tutorial and giving a talk about SE Linux at SecureCon 2007 [1].

The tutorial will go for 3 hours on Wednesday the 7th of November and will cover using SE Linux in CentOS 5 and Debian Etch, it will be a hands-on tutorial where every delegate gets ssh access to their […]

New SE Linux Play Machine Online

After over a year I have finally got a SE Linux Play Machine online again.

The details for logging in are at this link [1]. I’ve created T-shirt and mug designs with the login details too, they are on cafepress.com LINK [2]. For fun wear such a shirt to a conference (or even when shopping […]

Xen and Security

I have previously posted about the difference between using a chroot and using SE Linux [1].

Theo de Raadt claims that virtualisation does not provide security benefits [2] based on the idea that the Xen hypervisor may have security related bugs.

From my understanding of Xen a successful exploit of a Xen system with a […]

My SE Linux Etch Repository

deb http://www.coker.com.au etch selinux

The above sources.list line has all the i386 packages needed for running SE Linux with strict policy on Etch as well as a couple of packages that are not strictly needed but which are really convenient (to solve the executable stack issue).

gpg --keyserver hkp://subkeys.pgp.net --recv-key F5C75256 gpg -a --export F5C75256 […]

AUUG 2007

Today was the final day of the AUUG 2007 conference [1].

Yesterday I gave a talk about SE Linux for about an hour (not sure exactly as I forgot to make an MP3). AUUG is well known for having conferences with very technical delegates and I wasn’t expecting an easy audience. At the start of […]

Execmem and SE Linux

Eddy writes about problems getting the game oolite to run under SE Linux [1].

Strangely after I fixed the shared object issue with libffcall1 (as described in my previous post [2]) it appeared to work for me.

Eddy asked how to allow one application to create write and executable memory regions without allowing such access […]