security
2019
2018
2017
- Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3 Nov 2
- Apply the STIG to even more operating systems with ansible-hardening Jul 21
- Old role, new name: ansible-hardening Jun 27
- Enable AppArmor on a Debian Jessie cloud image May 24
- RHEL 7 STIG v1 updates for openstack-ansible-security Apr 5
- Takeaways from Bruce Schneierâs talk: âSecurity and Privacy in a Hyper-connected Worldâ Mar 22
- What Iâm looking forward to at IBM Interconnect 2017 Feb 23
- Display auditd messages with journalctl Jan 5
- augenrules fails with ârule existsâ when loading rules into auditd Jan 3
2016
- Talk Recap: Holistic Security for OpenStack Clouds Oct 31
- HTTP/2 for the blog and icanhazip.com Sep 13
- Join me on Thursday to talk about OpenStack LBaaS and security hardening Jul 19
- New SELinux shirts are available Jun 16
- Automated security hardening with Ansible: May updates May 27
- Troubleshooting OpenStack network connectivity May 17
- Preventing Ubuntu 16.04 from starting daemons when a package is installed May 5
- 802.1x with NetworkManager using nmcli May 3
- Talk Recap: Automated security hardening with OpenStack-Ansible Apr 26
- OpenStack Summit in Austin is almost here! Apr 21
- Enable IPv6 privacy in NetworkManager Apr 17
- Automated Letâs Encrypt DNS challenges with Rackspace Cloud DNS Mar 31
- Enabling kwallet after accidentally disabling it Jan 28
2015
- Talking to college students about information security Nov 10
- systemd-networkd and macvlan interfaces Oct 26
- What I learned while securing Ubuntu Oct 14
- Time Warner Road Runner, Linux, and large IPv6 subnets Sep 11
- Chronicles of SELinux: Dealing with web content in unusual directories Sep 10
- Build a network router and firewall with Fedora 22 and systemd-networkd Aug 27
- Research Paper: Securing Linux Containers Aug 14
- Automated testing for Ansible CIS playbook on RHEL/CentOS 6 Aug 5
- Improving LXC template security Jun 18
- Time for a new GPG key Jun 11
- Upatre and icanhazip Jun 5
- Adventures with GRE and IPSec on Mikrotik routers May 27
- You have a problem and icanhazip.com isnât one of them May 20
- Woot! Eight years of my blog Apr 14
- Run virsh and access libvirt as a regular user Apr 11
- Helpful, low-FUD information security sites, mailing lists, and blogs Jan 8
2014
- Trust an IP address with firewalldâs rich rules Nov 24
- Xenâs XSA-108 patch and Fedora Oct 2
- Apacheâs mod_proxy, mod_ssl, and BitTorrent Sync Sep 28
- icanhazip.com blocked by Websense Aug 7
- Etsy reminds us that information security is an active process Jul 22
- icanhazip and CORS Jul 21
- AVC: denied dyntransition from sshd Jul 3
- Configure remote syslog for XenServer via the command line Jun 3
- Evade the Breach May 24
- Launch secure LXC containers on Fedora 20 using SELinux and sVirt Apr 22
- Upgrade OpenSSL, then upgrade WordPress Apr 10
- openssl heartbleed updates for Fedora 19 and 20 Apr 8
- Show originating IP address in Apple Mail Mar 18
- Annoying security requests highlight company silos Mar 10
- Hierarchy of DevOps Needs from DevOps Weekly Feb 3
2013
- Information security nuggets from DevOps Weekly #150 Nov 17
- One year in information security Nov 13
- Guide to securing apache Oct 22
- Iâm on the hunt for experienced security analysts! Oct 15
- This is why we canât have nice things: malware callbacks to icanhazip.com Sep 17
- Need an edge at work? Learn accounting and finance. Sep 17
- Come and get your SELinux shirts! Jul 18
- Confine untrusted users (including your children) with SELinux Jul 5
- My interview on the Dave and Gunnar Show Jun 19
- Red Hat Summit 2013 Recap Jun 15
- Installing the Xen hypervisor on Fedora 19 Jun 3
- Presentation: Demystifying SELinux May 29
- Changing your ssh serverâs port from the default: Is it worth it? May 15
- Automate CentOS 6 deployments with CIS Security Benchmarks already applied Apr 26
- Limit access to the su command Apr 26
- Reprint: Stop Disabling SELinux! Apr 19
- Seriously, stop disabling SELinux Apr 16
- Remove sensitive information from email headers with postfix Apr 15
- Survive the Google Reader exodus with Tiny Tiny RSS Mar 17
- Controlling sensitive company data means losing some control of it Mar 3
- Block Flash and Java in your browser today Feb 22
- Quick access to OpenPGP tasks with GPGTools in OS X Feb 8
- What my toddler taught me about information security Jan 13
2012
- Reaching a new milestone and making some big changes Nov 26
- Automatic package updates in CentOS 6 Sep 21
- Monitoring and protecting your reputation online Aug 6
- Building vpnc with openssl support via MacPorts on Mac OS X Aug 1
- X forwarding over ssh woes: DISPLAY is not set Jul 14
- SELinux, Xen, and block devices in Fedora 17 Jul 10
- Red Hat Summit 2012: Thursday Jun 29
- Red Hat Summit 2012: Wednesday Jun 28
- Lesser-known but extremely handy Linux tools May 11
- Using OpenSSLâs s_client command with web servers using Server Name Indication (SNI) Feb 7
- The Kerberos-haterâs guide to installing Kerberos Feb 5
- Get notifications instead of automatic updates in Scientific Linux Feb 4
- Kerberos for haters Feb 3
- Getting started with SELinux Jan 26
- SELinux and .forward files Jan 2
2011
2010
2009
- Upgraded to WordPress 2.9 Dec 21
- Automatically loading iptables rules on Debian/Ubuntu Nov 17
- Upgraded to WordPress 2.8.6 with some theme changes Nov 17
- Requiring SSL encryption for WordPress administration Jul 31
- Upgraded WordPress to 2.8.2 Jul 29
- Simple SOCKS proxy using SSH May 26
- New Linux security advisory Twitter bots Feb 5
2008
2007
- Red Hat Support EOL Dates Dec 5
- Adding SSL encryption to vsftpd Nov 26
- OpenSSL Tricks Nov 7
- Enforcing mode requested but no policy loaded. Halting now. Oct 17
- BIND: âRRset exists (value dependent)â prerequisite not satisfied (NXRRSET) Oct 10
- Check the modulus of an SSL certificate and key with openssl Sep 14
- Apache: Disable TRACE and TRACK methods Aug 29
- WordPress 2.2.2 Aug 9
- Add custom rules to the Plesk firewall Aug 3
- Check available entropy in Linux Jul 1
- Active FTP connections through iptables Jul 1
- Enable SSL support in Postfix Jul 1
- Remove all open_basedir restrictions in Plesk Jun 30
- 500 OOPS error from vsftpd Jun 14
- Rebuild RPM file permissions and ownerships Jun 14
- FreeBSD: Limiting closed port RST response Jun 7
- Cisco PIX: Cannot select private key May 28
- Install snort and BASE on FreeBSD May 27
- Remove PHPâs open_basedir restriction in Plesk May 23
- Changing the default SSL certificate in Plesk May 22
- Joomla and Plesk permissions May 21
- Relay access denied May 18
- Add SSL/TLS support to proftpd May 17
- Adding chrooted FTP users outside of Plesk Apr 27
- SSL connection to a non-secure port Apr 17
- Disable SSH timeouts Apr 12
- Disable SSLv2 in Lighttpd Apr 8
- Reset MySQL root password Mar 26
- Exporting SSL certificates from Windows to Linux Mar 23
- Forcing HTTPS (SSL) with mod_rewrite Mar 21
- Forcing HTTPS with PHP Mar 21
- Quick and fancy mail blacklist checking Mar 12
- Finding compromised scripts Mar 6
- Disabling SSLv2 in Plesk Feb 27
- Hide Apache Version Feb 23
- Chmod and the mysterious first octet Feb 14
- Finding compromised mail accounts in Plesk Feb 10
- Delete single iptables rules Feb 9
- Fighting DDOS attacks in Linux Feb 7
- Cisco Logging to RHEL Feb 6
- Treason Uncloaked Jan 31
- Verify that SSLv2 is disabled Jan 24
- Plesk admin user canât login Jan 24
- Securing MySQL Jan 5