Archives

This blog is licensed under a Creative Commons License.

September 2007 Archives

A few remarkable Mac apps


The following is a list of some of the Mac applications I live in every day. They are the precious few I couldn’t live without, and that contribute to my Joy of Mac each day. They are listed roughly in order of affection.

OpenSSH connection mastering


Stateful directory scanning in Python


This article describes how to utilize the stateful directory scanning module I’ve written for Python. But why did I write it? Understanding the problem I aimed to solve will help show why such a module is useful, and give you ideas how you might put it to use for yourself.

How to administer OpenVPN


This document describes how to administer OpenVPN on a Debian GNU/Linux server. It does not cover installing a new OpenVPN service from scratch, since that is already covered in the official OpenVPN 2.0 HOWTO. In particular, this document covers:

  1. Logging in via OpenSSH to administer the system.
  2. Creating X.509 certificates for new OpenVPN users.
  3. Installing the OpenVPN client on a user’s machine.
  4. Re-configuring OpenVPN and restarting the daemon.
  5. Re-installing OpenVPN on a new Debian GNU/Linux server, in case the old server dies or is compromised.

If you haven’t installed OpenVPN on your server yet, please visit the official HOWTO and complete the steps there. Then you can return to this document. I originally wrote this to show co-administrators how to work with an already-running OpenVPN installation.

An SVK primer


Today’s entry is a little primer I wrote for some co-workers at CEG, on setting up SVK to do remote development. We continue to use a central Subversion repository, but I often find myself working in cafés where I don’t have immediate access to the server. Also, I like to branch and check-in much more frequently than would be sane to do with Subversion – I also like the distinction between a “check-in” being a simple, quick snapshot, and an svk push as the real deal.

Neat tricks with iptables


The past few months have seen me digging deep into the world of TCP/IP and firewalls. It has been a fascinating journey into packet queueing and TCP headers, three-way handshakes and ICMP broadcasts.

The result of this research has been the ongoing creation of a firewall to protect my laptop against open networks, and my Internet server from port scanning and DoS attacks. I’m pretty certain I haven’t even scratched the surface yet, but I have found some settings to protect against the most common attacks. Below I’ll summarize the major pieces of my new firewall, and the logic behind it.

Writing SELinux policies


I started the adventure of writing an SELinux security policy from scratch today. This is on CentOS 5, which uses the new policy modules approach rather than the older scheme that involved a huge number of policies and a Makefile.

It took hours of searching on the Net to find out that there’s really nothing out there to teach you how to start a new policy from nothing. I found one “step-by-step” guide, but it involved using a GUI tool that I don’t have. Every other article on writing policy is about using audit2allow to make existing policies more permissive.

The missing piece turned out to be the package selinux-policy-devel, which installs a tree of macro files in /usr/share/selinux/devel. Going in there, I found a complete example policy! So I copied these example files and started configuring them for Trac, the Python daemon I want to lock down. After that, I just had to run make, and insert the new policy using “semodule -i trac.pp”. And now it looks like I’m in for a few days of tweaking, as I narrow down exactly what Trac does and doesn’t need to be able to do.

About this Archive

This page is an archive of entries from September 2007 listed from newest to oldest.


Powered by Movable Type 4.261