OpenBSD is an operating system that's famous for its focus on security. Unfortunately, OpenBSD leader Theo states that there are only 7000 users of OpenBSD. So it's a very small but elite group that wields a disproportionate influence, since we hear all the time about the awesome security features these guys get to use, even though we usually can't use them ourselves. Pledge is like the forbidden
Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module (2022-06-29). Linux Security Modules (LSM) is a hook-based framework for implementing security policies and Mandatory Access Control in the Linux kernel. Until recently, users looking to implement a security policy had just two options: configure an existing LSM module such as AppArmor or SELinux, or write a
Firewalls are commonly used to restrict communication to specific external networks, but I had a need to control communication based on things like the container or the name of the executed command. Specifically, in CI/CD environments such as GitHub self-hosted runners, I wanted to detect and block supply chain attacks in which malicious code slips into dependency packages, and to prevent credentials and other secret information from being leaked externally without my intent. There are various countermeasures against such supply chain attacks; among those that detect malicious behavior at runtime is GitLab's Falco-based Package Hunter. This tool monitors the system calls and similar activity executed while dependency packages are installed. If detection alone is enough, Package Hu
The PAM Duress is a module designed to allow users to generate 'duress' passwords that when used in place of their normal password will execute arbitrary scripts. This functionality could be used to allow someone pressed to give a password under coercion to provide a password that grants access but in the background runs scripts to clean up sensitive data, close connections to other networks to li
"WSL Hello sudo" is a Linux PAM module and companion Windows CLI apps that let you authenticate sudo with Windows Hello biometric login on Windows Subsystem for Linux (WSL). This PAM module allows you to authenticate sudo via face recognition, fingerprint authentication, and of course the machine-local PIN. It runs in both WSL and WSL 2. Both the Linux PAM module and the Windows CLI app are written in Rust. Please use
I heard that dramatic article images heavy with meaning are a meme, so here you have a picture of a subway tunnel because VPNs are network tunnels. 1 Short Instructions I recently reorganized my self-hosted stuff to use Docker. While Docker does not really fit my philosophy, the broad availability and low maintenance of images for pretty much all software convinced me to switch, and so far I'm happy, i
$ ./bin/kernel-hardening-checker -a [+] Going to autodetect and check the security hardening options of the running kernel [+] Detected version of the running kernel: (6, 5, 0) [+] Detected kconfig file of the running kernel: /boot/config-6.5.0-1025-azure [+] Detected cmdline parameters of the running kernel: /proc/cmdline [+] Saved sysctl output to /tmp/sysctl-n7hd4ab2 [+] Detected microarchitect