Re: Guaranteeing running code is signed

Hi,

> Is there any technology in fedora, that enables me to ensure that ALL
> running code on a certain server (even code not installed from RPMs, such as
> say by a legacy admin), has been signed by redhat, and to warn me about
> un-signed code that is running or about to run. I am interested to verify a
> server is in a "known-good" state

I don't know of any « One True Solution », but you could use things like:
$ rpm -qaV
  -> this will list all files modified _after_ they were installed via RPM
$ rpm -qf <some file>
  -> this will tell you the package that this file belongs to

You can then use the « --queryformat » option of RPM to get various
information about a package, for example where it came from.

For files not installed using RPM, I'm not sure how to verify this,
but as Fedora only provides files in RPMs, I'm pretty confident that
no file outside an RPM will be signed by Fedora.

For Red Hat, I have no idea, but you are on a Fedora mailing list ;)


----------

Mathieu Bridon (bochecha)

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
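
The two checks suggested in the reply above, combined into an audit script; this is an added example, not part of the original message. It audits after the fact against the local RPM database and does not stop unsigned code from running. The function names and the sample verify output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not taken from a real host).
SAMPLE_VERIFY_OUTPUT='S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/sbin/sshd
.......T.    /usr/bin/ls
missing     /usr/bin/passwd
S.5....T.    /opt/my app/bin/tool'

# triage_verify: read rpm verify output on stdin and print "CHANGED <path>"
# or "MISSING <path>" for packaged files whose content no longer matches the
# RPM database. Files marked "c" (config) are skipped, since admins edit them.
triage_verify() {
    awk '
        { path = substr($0, index($0, "/")) }   # keeps paths with spaces
        $1 == "missing" {
            if ($2 != "c") print "MISSING", path
            next
        }
        # $1 is the attribute string, e.g. "S.5....T."; "5" = digest differs
        $1 ~ /^[.?A-Za-z0-9]+$/ && index($1, "5") > 0 && $2 != "c" {
            print "CHANGED", path
        }
    '
}

# unowned_running: print executables of running processes that no package
# owns. A binary replaced or removed after start shows up as "... (deleted)".
# Needs rpm and /proc; run as root to see every process.
unowned_running() {
    for link in /proc/[0-9]*/exe; do
        exe=$(readlink "$link" 2>/dev/null) || continue  # kernel thread or exited
        rpm -qf "$exe" >/dev/null 2>&1 || printf '%s\n' "$exe"
    done | sort -u
}

# Live audit only when asked for, so the functions can be sourced and tested.
if [ "${1:-}" = "--live" ]; then
    rpm -Va 2>/dev/null | triage_verify
    unowned_running
fi
```

Run it with --live as root on the server to be checked; a timestamp-only difference such as the /usr/bin/ls line in the sample is not reported.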
