[[email protected] ~]$ sudo ausearch -c 'rtkit-daemon' --raw | audit2allow -M my-rtkitdaemon # semodule -X 300 -i my-rtkitdaemon.pp
[sudo] password for eric:
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i my-rtkitdaemon.pp
[[email protected] ~]$ sudo semodule -i my-rtkitdaemon.pp
[[email protected] ~]$
SELinux has never been easier and I love it
Security and Convenience? Why not both?
For those unfamiliar
What is SELinux:
Perhaps the most useful description is thinking of it as a framework for managing access control to files and other resources in the Linux system that go far beyond standard file permissions or aces control lists. As if chown and chmod werent already a headache
Is there a Presentation I can watch?
Yes, RHEL has one. The video goes into its difficulties but also why its good.
Whats my issue?
My issue before was inconvenience. I never had a testing and production system. You want an air gapped testing system so that you dont have to remove protections from your production machine to fix the issue. Cockpit mostly solves that including for stuff that doesnt like SELinux (like PiHole)
Interesting 2 antenna 1s a 2 and a 3. This may shed light on how the code the mu-mimo and how the array transmits and recieves. Ill dig into that later after a before and after testing of stock vs professional antennas
Alright guys heres the AP setup for signal strength testing. You will notice I am going to keep the power the same and keep DTIM and beacon interval the same so to not skew the tests as well as disabled disassociate on low ACK… When I run my tests you will see the difference between true professional antennas and the basic stocks.
Set Delivery Transaction Indication Message Interval to 1
Channel Power (Max Regulatory 30 dBm-1Watt)
Please note I will change the TX power to accurate reflect EIRP to be within legal bounds later. Im sure a test or two wont upset HAM folk
Reason for testing is for science
Notes about high gain antennas; If you change the following parameters via antennas you can no longer guarantee you are operating within FCC Spec and proper EIRP:
Output S parameters (output VSWR etc)
Its important to realize if you do get higher gain antennas the polite thing to do is to turn down the power and try to stay in spec. Its not nice to operators or your neighbors. Most consumer and even prosumer radios do not have the abilit yot check the matching and all the parameters above, only high end Amatuer radios. They are programmed with whatever they got from the factory!
If you’re using PiHole on your network to block ads and prevent your various smart devices from sending tracking information to their manufacturers, you might be surprised to find out that some of these devices are using a sneaky tactic to bypass your PiHole entirely.
Smart devices manufacturers often “hard-code” in a public DNS server, like Google’s 184.108.40.206, and their devices ignore whatever DNS server is assigned by your router - such as your PiHole.
Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely. On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day , all the while bypassing tools like PiHole.
Fortunately, with a few simple firewall rules, you can intercept these hardcoded DNS queries and redirect them to your PiHole. These instructions are for pfSense, however you should be able to adapt them for Sophos XG, Ubiquiti EdgeRouter, etc.
See above. Coreboot. ME nuked from orbit. I dont care about state actors. I just like supporting the development on these. After all I am an engineer for the DOD lol. Open firmware is cool and its not just for the careful.
The older AMD CPUs cant match the troughput in the power and form factor of what I bought. Consider checking it out!