My thoughts on RedHat’s EX403 exam

I’ve recently gained the Certificate of Expertise in Enterprise Deployment and Systems Management after passing EX403. I took the exam in the City of London as an individual session – this time on KOALA – Kiosk On A Laptop. On RedHat’s site the exam is advertised as taking three hours, but after starting the exam I found that the clock showed four hours.


SELinux, confined users and Systemtap

While we’re waiting for CVE-2016-5195 to be patched, RedHat released a workaround for the most common form of the exploit being run in the wild. It uses systemtap to block access to the mem_write function.

I wanted to apply it and started tests, only to find that stap returned EPERM while loading the module! As I’m running with SELinux enabled, I checked /var/log/audit/audit.log. Surprisingly, there were no AVCs with deny! Although most of the calls are audited, you can mark some to be silently dropped by audit. You can disable that filter using semanage dontaudit off. I ran stap again and… bingo!
