This year we celebrated 15 years of Red Hat Product Security. I've not been with Red Hat that long, but I've been doing product security work for longer (slightly over a year longer). I was asked to write a little something to stroll down memory lane with the inter-webs. That …
more ...Today marks one month that my "work time" is 100% devoted to Red Hat; last month I "retired" from any of the IT/web work for my church that I've been doing for the last 12 or so years. It's been an interesting month being able to spend time on …
more ...I'm mostly writing this for my own reference as I spent a bunch of time figuring this out while I was on holidays with some serious oVirt misadventures and didn't document any of what I did, so since I had to reinstall CentOS 7, I'm stuck doing this all over …
more ...Last week's TechMail was Two-factor SSH authentication via Google secures Linux logins which talks about using Google two-factor authentication with SSH (and PAM in general). I really like it and it works quite well although the comments in the TechMail indicate another option called Duo for two-factor authentication that sounds …
more ...This week's TechMail is Learn to use extended file attributes in Linux to boost security which takes a look at using chattr, getfattr, setfattr, getfacl, and setfacl; tools that can be used to offer more granular security to files and directories. Being able to use SELinux or GrSecurity, AppArmor, and …
more ...So I was approached by Eugeni, one of my former fellows at Mandriva, today about some collaboration in regards to Mandriva's msec and my way-back-when fork for Annvix, rsec. He wrote a blog post about msec's future and plans detailing the things he wants to do with msec in the …
more ...This week's TechMail is Monitor your system for threats with rsec alerts which discusses the rsec tool I forked from Mandriva's msec years ago (for Annvix). It's been updated and is available for Red Hat Enterprise Linux 5 (and CentOS 5) as I think it's still a pretty good tool …
more ...This week was interesting, dealing with the supposed "OpenSSH 0day" vulnerability stuff... rumours, innuendo, strange logs and packet capture files... it made for a long week trying to keep an eye on this and sort fact from fiction. Instead of focusing on the issue itself like other blogs and news …
more ...This week's techmail is Store passwords with pwsafe which looks at the pwsafe CLI application that can keep track of all your passwords and login credentials in a safe and secure manner (and throws in strong password generation as a bonus). Really useful app.
more ...