Re: Guaranteeing running code is signed

On Sat, 9 May 2009 22:28:58 +0300, Ahmed wrote:

> while rpm's verify options are useful in many cases, they are not in this
> one. The use case is, Admin A takes ownership of server-C from admin B,
> admin-B might have infested server-C with all kinds of "custom" code (and
> even worse, scripts executing as root). How does admin-A ensure no custom
> code (scripts are probably even harder?) is running on server-C. This looks
> to me like it needs collaboration from the auditing subsystem (whenever a
> process starts), and selinux (detecting/blocking) executables not meeting
> signing requests, or at least logging what happened
> 
> Does fedora have the tools to accomplish such a task today, if not what's
> missing

If at least the admins in your scenario are trusted, you could make them
use intrusion detection tools like AIDE (package "aide") or Tripwire
(package "tripwire") as these can cover all files found on the system (not
just those known by the RPM database). The important thing to do is to
ensure that the admins only update the AIDE/Tripwire database (and store
it on external media) when the system installation is in a known good
state. If any of the admins don't pay proper attention to reports of files
that have changed and update the checksums database nevertheless, you lose.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
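
The baseline workflow recommended in the reply above, as an added Python illustration (not part of the original message, and not AIDE's or Tripwire's code): record every file in the known good state, report what differs later, and refuse to refresh the database while any difference is unreviewed. The function names and the sample tree are hypothetical.

```python
import hashlib, os, tempfile

# Hypothetical helper names; a sketch of the idea, not AIDE or Tripwire code.
def snapshot(root):
    """Record (sha256, mode) for every regular file, package-owned or not."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = (digest, os.stat(path).st_mode & 0o7777)
    return db

def compare(baseline, current):
    """Report files that appeared, vanished, or changed content or mode."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}

def update_baseline(baseline, current, reviewed):
    """Accept a new baseline only if every difference was explicitly reviewed."""
    report = compare(baseline, current)
    pending = {p for paths in report.values() for p in paths} - set(reviewed)
    if pending:
        raise ValueError("unreviewed changes: " + ", ".join(sorted(pending)))
    return dict(current)

def demo():
    """Constructed sample tree standing in for server-C."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        os.makedirs(os.path.join(root, "etc/cron.d"))
        tool = os.path.join(root, "usr/bin/tool")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\necho ok\n")
        os.chmod(tool, 0o755)
        baseline = snapshot(root)            # taken in the known good state
        with open(os.path.join(root, "etc/cron.d/custom"), "w") as fh:
            fh.write("# constructed file that no package owns\n")
        os.chmod(tool, 0o777)                # mode change, contents unchanged
        return baseline, snapshot(root)

if __name__ == "__main__":
    base, cur = demo()
    print(compare(base, cur))
```

In practice the baseline would be serialized and kept on external media, as the reply says, so that it cannot be altered from the host being checked.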
