00:20.40 | *** join/#fredlug nmcbride (~nmcbride@166.198.212.84) |
03:13.40 | *** join/#fredlug plarsen (~plarsen@c-67-166-184-67.hsd1.va.comcast.net) |
03:13.48 | *** join/#fredlug plarsen (~plarsen@pdpc/supporter/professional/plarsen) |
03:15.59 | *** join/#fredlug plarsen (~plarsen@pdpc/supporter/professional/plarsen) |
04:01.59 | *** join/#fredlug nmcbride (~nmcbride@166.198.212.84) |
04:13.06 | nmcbride | I decided to remove arch from a laptop and give fedora another try |
04:13.16 | nmcbride | is http://fedoraproject.org/wiki/Features/gksudo really still not implemented yet? |
04:25.34 | *** join/#fredlug plarsen (~plarsen@pdpc/supporter/professional/plarsen) |
04:25.34 | *** join/#fredlug jsmith-away (~jsmith@fedora/jsmith) |
21:41.17 | *** join/#fredlug nmcbride (~nmcbride@166.197.92.71) |
21:42.09 | nmcbride | is gksudo really not integrted into fedora 14 yet? |
22:25.18 | stickster | nmcbride: gksudo is kind of like taking pliers to a nail... it's not the worst solution the problem but there are better ones. |
22:25.27 | stickster | s/solution/solution to/ |
22:25.37 | stickster | Uh, thanks infobot |
22:26.25 | stickster | Really PolicyKit should be handling rights elevation, and it has its own built-in method for raising dialogs for the user |
22:27.05 | nmcbride | oh ok so you can use policykit to run the admin tools instead of asking for the root password? |
22:27.14 | stickster | For instance, putting the main user of a single-user system like a laptop in desktop_admin_r group |
22:27.34 | stickster | nmcbride: Yes, you just need to provide policy for whatever random tool it is |
22:27.55 | stickster | http://freedesktop.org/wiki/Software/PolicyKit |
22:28.05 | nmcbride | thanks i'll read |
22:28.08 | nmcbride | let me ask you a question |
22:28.17 | nmcbride | i've been doing a lot of pen testing lately |
22:28.25 | nmcbride | and usually use archlinux |
22:28.39 | nmcbride | however vmware hasn't caught up to the new kernels yet .37+ |
22:28.54 | nmcbride | so I figured I'd give fedora a try again |
22:29.47 | nmcbride | so now I was trying to create another user account for my pentesting, reverse engineering malware, running all the tools compiled for the system |
22:29.48 | nmcbride | etc |
22:30.15 | nmcbride | and was trying to figure out how to use selinux to confine the pentesting user account so there isn't an spillage |
22:32.01 | stickster | What does "Pen" mean here? Are you talking about a bootable USB device with an OS on it? |
22:32.12 | nmcbride | oh sorry |
22:32.13 | nmcbride | no |
22:32.16 | nmcbride | penetration testing |
22:32.32 | nmcbride | kinda the caree path i've taken |
22:32.36 | nmcbride | have my GPEN and all that good stuff. :D |
22:32.58 | stickster | So first, I would probably want to confine via virt if possible first. |
22:33.06 | stickster | er, I overused "first" there. |
22:33.21 | stickster | If you need help with SELinux confinement, there's a #selinux channel here on Freenode IIRC. |
22:33.49 | nmcbride | i use vmware |
22:33.55 | nmcbride | but I didn't want the overhead of a vm |
22:34.12 | stickster | Overhead in what sense? |
22:34.32 | nmcbride | my laptop is kinda limited |
22:34.38 | nmcbride | in both memory and processor speed |
22:34.41 | stickster | Ah |
22:34.55 | nmcbride | i can run one or two vms usually |
22:35.02 | nmcbride | but can't really run a third just for analysis |
22:35.15 | nmcbride | so I was hoping selinux could be used as a solution to confine any spillage |
22:36.01 | stickster | It probably can to some extent. Again, #selinux is the place to go. |
22:36.20 | stickster | Ah, #fedora-selinux |
22:36.23 | nmcbride | yea that was on my list of stops |
22:36.42 | nmcbride | was reading an article about it at Red Hat Magazine atm |
22:36.43 | nmcbride | oh |
22:36.49 | nmcbride | one thing i did find |
22:36.58 | nmcbride | is that the http server configuration tool |
22:37.26 | nmcbride | is under both system->admin...->server settings->http |
22:37.27 | nmcbride | and |
22:37.39 | nmcbride | applications->system tools |
22:37.49 | stickster | nmcbride: Did you report that bug? |
22:38.05 | nmcbride | no just finished the install a few moments ago |
22:38.26 | stickster | I didn't even know we shipped that anymore. Did you install, like, all system tools or somethign? |
22:38.27 | stickster | *something |
22:40.55 | nmcbride | http://pastebin.com/VCPcNMUS |
22:41.21 | stickster | @server-cfg probably. |
22:41.46 | nmcbride | yea probably |
22:41.54 | nmcbride | just didn't expect it in both places :D |
22:42.09 | stickster | Just a simple .desktop file mistake |
22:42.15 | nmcbride | yep |
22:42.19 | nmcbride | I already fixed it |
22:42.27 | nmcbride | just asked to see if it was something well known |
22:42.33 | stickster | File that in BZ please --> https://bugzilla.redhat.com/ |
22:42.48 | stickster | Unfortunately I left my BZ database in my other brain ;-) |
23:50.44 | *** join/#fredlug nmcbride (~nmcbride@166.197.92.71) |
23:51.05 | nmcbride | man i hate unreliable tethering |