To change the passphrase on your default RSA key: ➜ ssh-keygen -p Enter file in which the key is (/home/kenno/.ssh/id_rsa): Enter new passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved with the new passphrase. Note that if you have more a different key, you can either supply it at the “Enter file in which key is” prompt or provide this file to the ssh-keygen argument with the -f option. E.g.: ...

In my previous blog post, Managing File System Encryption with LUKS, I showed how to create an encrypted partition (of disk) using LUKS. Today, I’d like to show you how we can change the passphrase on this LUKS encrypted partition and keeping this passphrase (key) in the same slot. While I’m writing this blog post, I cannot remember how to do this, and I’m going to try to figure this out without doing the Google search. :) ...

Update BIOS firmware version 1.9.1 is available for Dell Latitude 7400. This firmware was released on 30 June 2020. It is marked Urgent and contains the following fixes and enhancements: Fixes: Fixed the issue where the system cannot detect the Intel Software Guard Extensions (SGX) device when SGX is enabled. Firmware updates to address security advisory INTEL-SA-00295 (CVE-2020-0531, CVE-2020-0532, CVE-2020-0533, CVE-2020-0535, CVE-2020-0536, CVE-2020-0537, CVE-2020-0538, CVE-2020-0539, CVE-2020-0540, CVE-2020-0545, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, and CVE-2020-8674). Firmware updates to address the Intel Security Advisory INTEL-SA-00320 (CVE-2020-0543). Firmware updates to address the Intel Security Advisory INTEL-SA-00329 (CVE-2020-0548 and CVE-2020-0549). Firmware updates to address the Intel Security Advisory INTEL-SA-00322 (CVE-2020-0528 and CVE-2020-0529). Enhancements: ...

This blog post is mainly about my practicing of managing security risk on a RHEL system, especially learning how to use the occasionally option passed to YUM command. It is probably not a good resource teaching how to properly manage security risks in general. Identify all critical, important, and moderate security notices on this server. [root@puppet2 ~]# yum updateinfo --security Updating Subscription Management repositories. Red Hat Enterprise Linux 8 for x86_64 - Supplementary (RPMs) 21 kB/s | 2.1 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 27 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 475 B/s | 2.4 kB 00:05 EPEL8 x86_64 28 kB/s | 2.8 kB 00:00 Updates Information Summary: available 2 Security notice(s) 2 Important Security notice(s) Determine how many security-related packages are available for this machine. ...

Let’s find out the name of the package using the awesome eix command, and install that package. ~ # eix usbguard * sys-apps/usbguard Available versions: ~0.7.6-r1 ~0.7.8 {bash-completion dbus ldap policykit static-libs systemd} Homepage: https://github.com/USBGuard/usbguard Description: Daemon protecting your computer against BadUSB ~ # emerge --ask sys-apps/usbguard These are the packages that would be merged, in order: Calculating dependencies... done! !!! All ebuilds that could satisfy "sys-apps/usbguard" have been masked. !!! One of the following masked packages is required to complete your request: - sys-apps/usbguard-0.7.8::gentoo (masked by: ~amd64 keyword) - sys-apps/usbguard-0.7.6-r1::gentoo (masked by: ~amd64 keyword) For more information, see the MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. It looks like we need to unmask usbguard. ...