Top Forums UNIX for Advanced & Expert Users "Signed Linux" - Only executing signed programs Post 302498987 by disaster on Wednesday 23rd of February 2011 03:20:16 AM
"Signed Linux" - Only executing signed programs

Hey folks,
not sure whether this or the security board is the right forum. If I failed, please move.

So here's the problem:
I need to build a Linux environment in which only "signed" processes are allowed to run. When I say signed I don't mean a VeriSign signature like you know it from Windows, but I mean signed by myself. I.e. I choose the software allowed to run, sign it, and then want to deny any other processes to run.
If it is somehow possible I'd like to extend this even to scripts and the kernel (i.e. no unsigned modules can be loaded).
Does anyone have a good idea how to solve this problem?
The bad thing is: I'm pretty fine with coding stuff myself in C, but have absolutely 0 experience or knowledge in kernel (module)-programming.

Any tips, links, literature, finished programs will be appreciated, thanks.

A short idea I had and almost forgot: How difficult is it to change the routine of Linux which starts a process in such a way that it will call for every process start a little program of myself which will then check the program to be executed and - in case of a missing signature - will cancel it?
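
The "little program" idea from the post above, sketched as an added example that is not part of the original post: a user-space launcher that verifies a tag over the program file and then executes the same file descriptor it hashed, so the file cannot be swapped between check and start. HMAC-SHA256 stands in for a real public-key signature so that it runs with the standard library only; `KEY` and all function names are hypothetical.

```python
import hashlib, hmac, os, tempfile

KEY = b"constructed-demo-key"  # assumption: stored where untrusted users cannot read it

def file_digest(fd):
    """SHA-256 of the file behind an already-open descriptor."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while chunk := os.read(fd, 65536):
        h.update(chunk)
    return h.digest()

def make_tag(key, digest):
    """'Signing' step: HMAC over the digest (stand-in for a public-key signature)."""
    return hmac.new(key, digest, hashlib.sha256).hexdigest()

def is_approved(fd, tag_hex, key=KEY):
    """Constant-time comparison of the expected tag with the one shipped for the file."""
    return hmac.compare_digest(make_tag(key, file_digest(fd)), tag_hex)

def run_if_signed(path, tag_hex, argv, key=KEY):
    """Exec `path` only if its tag verifies; returns False when it is refused."""
    fd = os.open(path, os.O_RDONLY)
    try:
        if not is_approved(fd, tag_hex, key):
            return False
        # Exec the descriptor that was hashed, not the path: a file renamed into
        # place after the check cannot be substituted. In-place writes are a
        # separate risk, so approved files must not be writable by untrusted users.
        os.execve(fd, argv, os.environ)  # replaces this process on success
    finally:
        os.close(fd)

if __name__ == "__main__":
    # Constructed sample: a throwaway file stands in for a program.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"#!/bin/sh\necho approved\n")
    fd = os.open(f.name, os.O_RDONLY)
    tag = make_tag(KEY, file_digest(fd))
    os.close(fd)
    print("wrong tag:", run_if_signed(f.name, "0" * 64, ["demo"]))
    with open(f.name, "ab") as g:
        g.write(b"echo extra\n")  # modify the file after it was tagged
    print("modified file, old tag:", run_if_signed(f.name, tag, ["demo"]))
    os.unlink(f.name)
```

A launcher like this only covers programs that are started through it; anything that calls `execve` directly bypasses the check, which is why enforcement for every process has to sit in the kernel.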