Trusted Path Execution - reduce attack vector

Sat 10 November 2012 by admin

TPE is a feature presented in Grsecurity, which denies users from executing programs that are not owned by root. This approach eliminates some parts of self uploaded exploits by users.  Using Grsecurity force us to prepare custom - mainly non-distribution kernel. Nowadays TPE is prepared as separate linux kernel module, which ...

read more

Apache HTTP Server 2.4 - error logging

Tue 10 July 2012 by admin

Apache 2.4 was introduces couple months ago. Comprehensive list of changes doesn't contain pretty useful enhancement of error logs, now it includes AH mark before each log entry. So you can easy extract and collect what kind of errors were logged. List of errors: http://wiki.apache.org ...

read more

Monitoring HTTP on-the-fly

Sun 13 May 2012 by admin

On my day to day work sometimes I have to discover what request are really pushed to my web servers without digging into access logs. So I found some handy tools.

console ready:

read more

Are you Red Hat enterprise ready ?

Sun 13 May 2012 by admin

Easy to find out just try to download one of the free evaluation copy of RHEL.  I'm definitely not ready:

We noticed that your Red Hat Login uses a personal email address. We're sorry, but users must have an enterprise or business email address to obtain product evaluations ...

read more

Collect data about working system

Sun 15 April 2012 by admin

Pretty simple task get information about particular system, answer read documentation about it. But what if there is no documentation or it's outdated. One of the solution is to write down some outputs of basic commands, the second solution is to use dedicated software.

The first one which I ...

read more

Oracle Linux - new approach

Sat 24 March 2012 by admin

Paying for subscription or doing on your own ? Choosing the second way you probably take into consideration: CentOS or Scientific Linux, but nowadays we have another player: Oracle Linux.

We offered both the base distribution release DVDs (OL4, OL5, OL6) and the update releases, such as 5.1, 5.2 ...

read more

SSTP with self signed certificates

Sun 11 March 2012 by admin

I was looking for VPN solution in Windows which gives an easy way to connect without worrying about NAT configuration just like in IPsec or PPTP.  The answer to my question is  SSTP, new version of VPN used in Windows 2008, which encapsulate PPP frames over SSL connection. But all ...

read more

libvirt 0.9.10 released

Mon 13 February 2012 by admin

Just has been released new version of libvirt with promising feature:

Add support for sVirt in the LXC driver (Daniel P. Berrange)

which could gives us:

'' The forthcoming libvirt 0.9.10 release will include support for sVirt with LXC. If this is enabled on an LXC container, then SELinux ...

read more

Easy way to create SSL certificates

Sun 29 January 2012 by admin

Everytime I have to create CSR or self-signed SSL certificate, I need to know complex syntax of openssl. Lately I've found easy solution to this drawback. RedHat Linux distributions all have in common dir /etc/pki which include all generated, installed keys. In location /etc/pki/tls/certs we ...

read more

Redmine - concepts of maintenance SA docs

Sun 15 January 2012 by admin

It's nice to have an easy way to document and track our SA activities. Moreover for me easy means semi or full automated tasks, how we can do that ?

In my previous company I was working in small SA team, we were responsible to maintain over one hundred servers ...

read more