Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3

The latest release of the Red Hat Enterprise Linux Security Technical Implementation Guide (STIG) was published last week. This release is Version 1, Release 3, and it contains four main changes: V-77819 - Multifactor authentication is required for graphical logins V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled V-77823 - Single user mode must require user authentication V-77825 - Address space layout randomization (ASLR) must be enabled Deep dive Let’s break down this list to understand what each one means.
Read more →

Apply the STIG to even more operating systems with ansible-hardening

Tons of improvements made their way into the ansible-hardening role in preparation for the OpenStack Pike release next month. The role has a new name, new documentation and extra tests. The role uses the Security Technical Implementation Guide (STIG) produced by the Defense Information Systems Agency (DISA) and applies the guidelines to Linux hosts using Ansible. Every control is configurable via simple Ansible variables and each control is thoroughly documented.
Read more →

Adventures in live booting Linux distributions

We’re all familiar with live booting Linux distributions. Almost every Linux distribution under the sun has a method for making live CD’s, writing live USB sticks, or booting live images over the network. The primary use case for some distributions is on a live medium (like KNOPPIX). However, I embarked on an adventure to look at live booting Linux for a different use case. Sure, many live environments are used for demonstrations or installations - temporary activities for a desktop or a laptop.
Read more →