linsec.ca blog » rsec http://linsec.ca/blog You can have it right, or you can have it now. But you can't have it right now. Sat, 05 May 2012 22:03:58 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 rsec and AIDE+gpg now on github http://linsec.ca/blog/2011/10/29/rsec-and-aidegpg-now-on-github/?utm_source=rss&utm_medium=rss&utm_campaign=rsec-and-aidegpg-now-on-github http://linsec.ca/blog/2011/10/29/rsec-and-aidegpg-now-on-github/#comments Sat, 29 Oct 2011 23:41:46 +0000 vdanen http://linsec.ca/blog/?p=1029 Ok, so the last of my git-related topics today (I need to get back to washing windows, sadly).

I’ve pulled out AIDE+gpg and rsec from the Annvix tools subversion repository and they are now on github:

AIDE+gpg on github
rsec on github

The next step, maybe for around Christmas, is to turn these into Fedora and/or EPEL packages so that I can (finally?) actually be a Fedora contributor beyond just filing security bugs. I may be the only one made happy by that, but I think it would be cool. =)

]]> http://linsec.ca/blog/2011/10/29/rsec-and-aidegpg-now-on-github/feed/ 0 rsec, msec, sectool.. hmmm… I smell opportunities http://linsec.ca/blog/2009/09/02/rsec-msec-sectool-hmmm-i-smell-opportunities/?utm_source=rss&utm_medium=rss&utm_campaign=rsec-msec-sectool-hmmm-i-smell-opportunities http://linsec.ca/blog/2009/09/02/rsec-msec-sectool-hmmm-i-smell-opportunities/#comments Thu, 03 Sep 2009 02:22:27 +0000 vdanen http://linsec.ca/blog/?p=564 So I was approached by Eugeni, one of my former fellows at Mandriva, today about some collaboration in regards to Mandriva’s msec and my way-back-when fork for Annvix, rsec. He wrote a blog post about msec’s future and plans detailing the things he wants to do with msec in the future. So he dropped me a line to see how I’d feel about making msec and rsec play nice together so there wouldn’t necessarily be a need for both (since there is obviously some duplication of functionality, one being a fork of the other after all).

So I think this might be a good move. rsec is essentially a complete tool, but if we can swap in msec’s plugin functionality for the reports and make it so that is can be a standalone component separate from msec (be it that msec drops the reporting capabilities and adopts a refreshed rsec as a dependency, or whether msec permits building just the reporting capabilities separate from the msec stuff), then I’m definitely game. What might be interesting, however, is to see how msec and rsec can be merged with sectool in some way. To be honest, I’d never heard of sectool until Eugeni mentioned it… it’s a Fedora project so it might have a lot of Red Hat/Fedora-specific stuff in there, but if it is or could be more generalized to do what msec does as well as what rsec does, then maybe there’s a place for one tool to take the place of three tools and have a broader usage base and become a better tool.

The opportunity here to build a better tool out of two, or maybe even three, tools is quite interesting and one of the things I love about open source. Merging msec and rsec should be quite easy I think. Merging with sectool might be more difficult, but I see a lot of crossover in what msec and sectool both do already — there really is no reason to have a Mandriva-specific tool and a Fedora-specific tool that do the same thing. I suspect sectool might be good at creating decent reports which may even obsolete the need for rsec. Taking a closer look at sectool will help me determine if that is the case (and then it remains to be seen if there is a sectool build for EPEL or if it can be done since I’m currently using rsec on some Red Hat Enterprise Linux 5 and CentOS 5 systems).

Either way, I smell some possibilities here.

]]> http://linsec.ca/blog/2009/09/02/rsec-msec-sectool-hmmm-i-smell-opportunities/feed/ 0