Documentation


Viewing posts for the category Omarine User's Manual

Remote login using ssh in enforcing mode, why enforcing mode is secure?

Accessing with ssh is indispensable for both Cloud Computing and IoT. The general principle is that there is a ssh key pair at the client and the public key will be sent to the remote machine.

SELinux with omarine policy: Gnome terminal: Fixing the security context

Gnome terminal is GNOME terminal emulator. It works based on Gnome terminal server using dbus. By default, the bus is the system bus, so if you are currently using seuser user_u with the complete context as user_u:user_r:user_t:SystemLow(s0), you will see the Gnome terminal server running in init_t domain with complete context as follows:

SELinux with omarine policy: Secure login into a security context using ssh

When you run Omarine 5.0 for the first time, the autorelabel service will start. It takes a few minutes (usually 2-3 minutes) to relabel the entire file system. During this initial launch the system will operate in permissive mode. From next time on, the system will run in enforcing mode, which means that the security policy, security server and other parts of the whole SELinux system will apply in practice, not just audit.

Cyber security: Monitor file integrity

In addition to ClamAV antivirus, Omarine 4.0 provides Tripwire package to monitor the integrity of the files in the system. The monitoring policy is derived from /etc/tripwire/twpol.txt, a plain text file that you can edit.

Cyber security: How to turn a non-TLS aware server into communicable with clients over secure TLS channels without server configuration?

Although we can easily configure the web server to listen to port 443 for https, this article uses the default configuration of the web server in Omarine 4.0, ie, not listening to port 443, to illustrate the case. No need to configure the server.