Monday Mar 09, 2009

NEW: Solaris Package Companion v0.9

Today, I am proud to announce the release of version 0.9 of the Solaris Package Companion. This new version is primary based upon a set of patches provided by Jerome Blanchet that provided support for the collection and processing of reverse dependency information ("R" entries in a package's depend(4)) file) as well as enhanced processing and display of platform specific packages. Thank you, Jerome!

As is my tradition when a bug is found, I try and publish a little something extra as a mea cupla. Due to limited "free time", the "mea culpa" enhancement this time is quite minor but worth mentioning anyway. In past versions, there was no interface to change the information collection rules of the tool. If you wanted to disable the collection of certain types of information (such as package names or dependencies) you had to go into the code and change the relevent COLLECT_ variable. No longer. The defaults are still the same, but now the tool will honor variable settings originating from the shell or command line as follows:

$ env COLLECT_NAMES=0 ./spc-v0.9.ksh -r /tmp/myrepository -i -l

Note that the COLLECT_ variables are only used during the creation of a repository. Not a big enhancement, but one none the less! Thank you again Jerome for discovering the bug and offering a patch!

Keep the suggestions, reports and fixes coming!


Technorati Tag:

Friday Feb 13, 2009

Solaris Security Chat in SecondLife

Virtual Glenn is a pretty strange concept, but for those who can move past it, check this out! This is a picture of my SecondLife avatar in front of the Solaris Campus stage. On February 24th, 2009 at 9 AM PT / 12 PM ET, I will be participating in an expert chat that will be loosely based around my blog article titled Top 5 Solaris 10 Security Features You Should Be Using. I will be talking a bit about each of the five items as well as answering questions. In total, the event will last about an hour and should be a lot of fun (assuming I can overcome being a SecondLife n00b!)

This will be my first presentation inside of a virtual world, and I would encourage anyone who is interested to get a login, a copy of the client, and join me on the 24th to have a little fun a world away. For more information, check out the Sun Virtual Worlds posting for the event! Hope to see you there!

Wednesday Dec 10, 2008

mod_privileges for Apache HTTPD

Special thanks to Matt Ingenthron for pointing out that mod_privileges has been integrated back in the Apache trunk (manual) recently. For more information check out NIQ's Soapbox posting on the subject.

Looks like I will have to find a new target (I am looking at you MySQL!) for my BluePrints. I have used the Apache with SMF privileges example in a few publications including Limiting Service Privileges in the Solaris 10 Operating System (2005) and Privilege Debugging in the Solaris 10 Operating System (2006). The content of these papers is still relevant in the general sense, but with the introduction of mod_security, some of this content will no longer be as useful for Apache. That said, lots of other services can and do benefit from the techniques described.

If you find yourself ever wanting to do something similar - converting your services to be privilege aware on Solaris 10, check out the Sun BluePrints article Privilege Bracketing in the Solaris 10 Operating System (2006). Also, check out the OpenSolaris Security Community project on Privilege Debugging as it can help you in finding out what privileges your programs and services need.

Until next time!


Technorati Tag:

Friday Nov 14, 2008

NEW: Solaris 10 Security Deep Dive Presentation

It must be that time of year again. At Sun's Customer Engineering Conference this year, I unveiled the latest update to my Solaris 10 Security Deep Dive Presentation. This version has been updated based upon Solaris 10 10/08 (Update 6) which means it is in sync with the most recently shipping version of Solaris 10. This version is in OpenDocument Format. Should you want a PDF version, you can use this copy.

The last update that I had posted was downloaded more than 2,000 times. That is a great number for such a specialized and technical topic. With all of these downloads, however, I have yet to hear from you! Please be sure to send along your feedback! I am particularly interested in things like:

  • Does the content meet your needs? How can it be improved?
  • What are your security requirements not met today by Solaris 10? What is your wish list?
  • Is their content where you would like more detailed information (e.g., a BluePrint)?

As I said in my last Solaris 10 Security Update... If you have not taken a look into what Solaris 10 can offer recently, you really must give it a look! Also, be on the look out for a posting very soon on a project called Immutable Service Containers. With that as a teaser, I will sign off for today... Take care!


Technorati Tag:

Tuesday Aug 05, 2008

NEW: Solaris 10 Security Deep Dive Presentation

Way back when, I posted an update to the original Solaris 10 Security Deep Dive presentation that included support for Solaris 10 Update 3 (11/06). Well, it has been entirely too long since the last update, so I am happy to say that the wait has ended! A new version of the talk is ready for download! This has been quite a journey and a lot has changed in Solaris since it was first released back in 2005. If you have not taken a look into what Solaris can offer recently, I am sure you will be in for a pleasant surprise. Give it a look, and as always feedback is appreciated! Take care!


Technorati Tag:


This area of cyberspace is dedicated the goal of raising cybersecurity awareness. This blog will discuss cybersecurity risks, trends, news and best practices with a focus on improving mission assurance.


« July 2016