Linux

Synchronous Multi-Master Clustering with MariaDB and Galera

With the vast adoption of MySQL over the years by many businesses and software vendors, there has always been a strong driver for resilience, scalability and fault-tolerance. MySQL has always had various methods for achieving this but in my opinion they have never been clean and simple methods for “set it up and forget” type […]

Using SELinux the right way… Leave it turned on!

Yesterday I was having a chat with the lads in the office about properly using SELinux. I realised later that I haven’t written down a short quick start guide on the topic, so here we go.

There seems to be an undesirable corporate standard in many organisations these days to simply disable SELinux because “it’s too complicated”. This article is designed to give you the information you need to not just challenge that stereotype, but also to change things for the better.

If you are unfamiliar with SELinux, here is a general background from Wikipedia.

“Security-Enhanced Linux (SELinux) is a Linux feature that provides the mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement.[1][2] The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.

It has been integrated into the mainline Linux kernel since version 2.6, on 8 August 2003.” — Wikipedia.org


Host based access control with Red Hat Enterprise Linux 6

I was working on some more Yubikey token implementations last night and I was asked “How can I only let people in a specific user group log in to my server?”

This is the perfect example of what “host based access control” is designed to address.

Every operating system will use host based access control at some point.

If you take Microsoft Windows for example, you will be unable to log in to a server unless your user is a member of a specific security group.
With Microsoft Windows, the host based access control, or HBAC as it is commonly referred to, is managed by Active Directory.

With Red Hat Enterprise Linux, HBAC can be managed in a similar way if you are using the FreeIPA identity management solution.

Of course, not everyone has a straightforward homogeneous infrastructure.
For example, many of you may have your Linux infrastructure directly connected to Microsoft Active Directory as your identity management solution.

Enhancing your logging capabilities with Splunk

If you come from a Linux or Unix background, reading through logs is something you come to expect. You have developed quick and easy ways to filter through large volumes of information on the fly, but you are still doing this manually.

If you come from a Windows background, your understanding of logging is checking what is in the Windows Event Viewer or using Notepad to close/reopen a text file for a specific application you are running.

Splunk is a web-based tool that can help you filter through all of those logs and give you the exact results you are searching for.

This article will take you through setting up Splunk in your environment, and how to quickly search for exactly the information you are looking for.
