[Linux-aus] signed executables
Russell Coker
russell at coker.com.au
Wed May 26 20:50:09 AEST 2021
https://etbe.coker.com.au/2021/05/10/more-evm/
https://etbe.coker.com.au/2021/04/18/ima-evm-certificates/

I've recently been playing with IMA (Integrity Management Architecture); the
above blog posts are about my early experiments with it (not yet getting it
working properly).

When it is working properly it can be configured to only execute or mmap files
that are RSA signed and also have RSA signatures on SE Linux file context
labels. My general idea is to have the signatures made on an internal server
and then pushed to a production server such that the production server has no
ability to write a file (not even as root) that the kernel will execute.

Posting to this list because probably lots of people here will be interested,
and because someone on this list mentioned related things in a conversation.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/