Microsoft joined the open source community

As a member of the OIN community, I am excited to announce that Microsoft has joined the open source community. Specifically, on October 10, Microsoft has become a community member of OIN – the largest non-invasive patents community in history. By joining OIN, Microsoft acknowledged the importance of open source, and collaborated instead of being […]

SELinux with omarine policy: SELinux User Capabilities

Unlike Linux users where each user has a specific name like tho, emin, SELinux user is a group of users that have the same capabilities in terms of security context. For example, the standard SELinux user is user_u, the administration staff is staff_u. By convention, SELinux user names usually end with _u. The special case, […]

SELinux with omarine policy: Gnome terminal: Fixing the security context

Gnome terminal is GNOME terminal emulator. It works based on Gnome terminal server using dbus. By default, the bus is the system bus, so if you are currently using seuser user_u with the complete context as user_u:user_r:user_t:SystemLow(s0), you will see the Gnome terminal server running in init_t domain with complete context as follows: And the […]

SELinux with omarine policy: Secure login into a security context using ssh

When you run Omarine 5.0 for the first time, the autorelabel service will start. It takes a few minutes (usually 2-3 minutes) to relabel the entire file system. During this initial launch the system will operate in permissive mode. From next time on, the system will run in enforcing mode, which means that the security […]

Cyber security: Unpredictable Random Number Generator

Random Number Generator is an important factor of security activity to create cryptographic keys and passwords. We already know that the rand() function is a simple pseudo-random number generator. It returns a pseudo-random integer in the range 0 to RAND_MAX, ie, the mathematical range [0, RAND_MAX]. You can use rand() to define your own function […]

Cyber security: Monitor file integrity

In addition to ClamAV antivirus, Omarine 4.0 provides Tripwire package to monitor the integrity of the files in the system. The monitoring policy is derived from /etc/tripwire/twpol.txt, a plain text file that you can edit. To use tripwire you first create the site key and local key: sudo twadmin -m G -L /etc/tripwire/$(uname -n)-local.key \ […]

Cyber security: How to turn a non-TLS aware server into communicable with clients over secure TLS channels without server configuration?

Although we can easily configure the web server to listen to port 443 for https, this article uses the default configuration of the web server in Omarine 4.0, ie, not listening to port 443, to illustrate the case. No need to configure the server. We use stunnel to do that. We experiment on a local […]