How to Debug SMTP with TLS(SSL) and AUTH

The first thing to test is a TLS (aka SSL) connection. The stunnel program has special code for this, the command “stunnel -n smtp -c -r” will connect to the server via SMTP and negotiate SSL. If you use gnutls then the command “gnutls-cli -s -p 25” will connect to the server, allow […]


Software vs Hardware RAID

It’s a commonly held myth that hardware RAID is unconditionally better than software RAID. That claim is not true in all cases and is particularly wrong at the low end. Really Cheap Hardware RAID The cheapest so-called hardware RAID uses RAID in the BIOS and relies on an OS driver for support when running in […]


SE Linux Terminology

Security Context is the SE Linux label for a process, file, or other resource. Each process or object that a process may access has exactly one security context. It has four main parts separated by colons: User:Role:Domain/Type:Sensitivity Label. Note that the Sensitivity Label is a compile-time option that all distributions enable nowadays. User in terms […]


MySQL Cheat Sheet

This document is designed to be a cheat-sheet for MySQL. I don’t plan to cover everything, just most things that a novice MySQL DBA is likely to need often or in a hurry. Configuring mysqld If you are going to provide a database service to other machines edit /etc/mysql/my.cnf and set the bind-address parameter to […]



Portslave is a getty replacement that is designed to talk to a modem and spawn PPP or SLIP when the modem connects. It authenticates the connection via RADIUS. Portslave version 2010.04.19 source Portslave version 2010.03.30 source


thanks.txt on my Play Machine

On my SE Linux Play Machine I have a file in the root home directory named thanks.txt_append_only_dont_edit_with_vi which users can append random comments to. It kept slowly growing from the time of Fedora Core 2 to today, here is the text. Any text within brackets is my response to a question. you can send messages […]


Installing SE Linux on Debian/Lenny

Currently Debian/Lenny contains all packages needed to run SE Linux. Development continues so there are periodic updates which sit in Unstable for a while before migrating to Lenny (testing). I have set up my own APT repository for SE Linux packages. This has packages that need newer versions than in Lenny but which will be […]


Log Tools

The Logtools package contains a number of programs for managing log files (mainly for web servers). clfmerge will merge a number of Common Logfile Format web log files into a single file while also re-ordering them in a sliding window to cope with web servers that generate log entries with the start-time of the request […]


Porting NSA SE Linux to Hand Held devices

Notes I presented this paper at the 2003 Ottawa Linux Symposium (OLS). is defunct, since about 2004, so I removed the link. The NSA changed the URLs on their web site, so this version of the paper has the new ones. The SE Linux kernel interfaces have changed, now it’s all through the proc […]


SE Linux Magic

Here is a complete list of entries for /etc/magic related to SE Linux. # SE Linux policy database for Fedora versions less than 5, RHEL 4, and Debian before Etch # 0      lelong  0xf97cff8c      SE Linux policy >16    lelong  x              v%d >20    […]