Linux Systems Engineer, Security Engineer, Open Source Fan, Florida Gator, USAF Veteran, Husband, Father. Views/opinions are solely my own.

Got Badlock? Ansible Can Help

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command). For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all Or you can be very granular and use an Ansible Playbook to audit and patch samba packages: --- - hosts: all tasks: - name: Check if samba packages are installed shell:…

Yubikey 4 Nano Demands Use of yubiswitch

As more and more security policies demand the use of multi-factor authentication the number of times a day you use a multi-factor token will increase. Hopefully that number will not increase to a level that throws the balance of security and convenience towards the annoyingly secure side of the scale. But, if that ever does happen hopefully you can use an Yubikey as your token. There are various sizes and styles of Yubikey to suit your…

Disabling Mac OS X El Capitan System Integrity Protection

Apple has introduced a new security feature in Mac OS X El Capitan (10.11) called System Integrity Protection (sometimes referred to as rootless). What is System Integrity Protection? According to Apple's documentation: A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system…