There are many places online that explain how to install and perform initial set up for modsecurity on Apache. However, I haven't found anywhere that shows how to do it with the standard Debian packages and that respects the normal apt update process. The caveat here is that like a lot of standard Debian packages, the packages included in wheezy lag upstream by a few versions. This is obviously something to consider, especially when dealing with security related software. If you're like me,...

Why chroot jails based on host name?
If you don't care about the background info just jump to Setting up sshd chroot jail and SELinux.

So I have started configuring automated deployments through my organization using a continuous integration server called Jenkins. I'll post more on Jenkins regularly so that eventually you can have a series of posts which wrap up into a nice and secure howto for Jenkins. So here's why I want chroot jails based on host names.

...

Found this hilarious, and sickening, link on Slashdot:

http://blog.hansenpartnership.com/ad...-uefi-signing/

It's an article written by the poor guy who is trying to get the Linux Foundation's pre-bootloader signed by Microsoft, so we all can install Linux on Microsoft-approved hardware (without disabling UEFI secure boot manually). Describes all the steps he had to go through, compromises he had to make, and agreements he had to sign in the process....

http://faif.us/cast/2012/sep/27/0x32/

This oggcast contains Matthew Garrett's discussion of UEFI and Secure Boot. It is the first explanation I've heard on the subject that really came across clearly.

I thought a few lines from this last report about a Java vulnerability were rather humorous:

http://www.theregister.co.uk/2012/08..._patched_java/

...