08-06-2013
Quote: Originally Posted by nimafire
can you explain more? how can I do this?
Mandatory Access Controls (MAC) like SELinux or TOMOYO allow you to create a policy that can deny access to files. The problem, and that's why I said it would probably be convoluted, is that it is unlikely that any existing policies will match your needs so you'll have to write your own policy: tedious, bothersome and no guarantee your policy works until you have tested it. If you want to learn more, best read the documentation first.
Quote: Originally Posted by nimafire
how about scrub command?
Never heard of it.
Quote: Originally Posted by nimafire
is it possible to set it to files I need to prevent any changes by other?
Immutable bit, yes.
tpm_quote_tools
TPM QUOTE TOOLS(8)                                                                                                        TPM QUOTE TOOLS(8)
NAME
TPM Quote Tools
PROGRAMS
tpm_mkuuid, tpm_mkaik, tpm_loadkey, tpm_unloadkey, tpm_getpcrhash, tpm_updatepcrhash, tpm_getquote, tpm_verifyquote
DESCRIPTION
TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote operation.
A TPM contains a set of Platform Configuration Registers (PCRs). In a well configured machine, some of these registers are set to known
values during the boot up process or at other times. For example, a PCR might contain the hash of a boot loader in memory before it is
run.
The TPM quote operation is used to authoritatively verify the contents of a TPM's Platform Configuration Registers (PCRs). During
provisioning, a composite hash of a selected set of PCRs is computed. The TPM quote operation produces a composite hash that can be
compared with the one computed while provisioning.
To use the TPM quote operation, keys must be generated. During provisioning, an Attestation Identity Key (AIK) is generated for each TPM,
and the public part of the key is made available to entities that validate quotes.
The TPM quote operation returns signed data and a signature. The data that is signed contains the PCRs selected for the operation, the
composite hash for the selected PCRs, and a nonce provided as input, and used to prevent replay attacks. At provisioning time, the data
that is signed is stored, not just the composite hash. The signature is discarded.
An entity that wishes to evaluate a machine generates a nonce, and sends it along with the set of PCRs used to generate the composite
PCR hash at provisioning time. For this use of the TPM quote operation, the signed data is ignored, and the signature returned is used
to validate the state of the TPM's PCRs. Given the signature, the evaluating entity replaces the nonce in the signed data generated at
provisioning time, and checks to see if the signature is valid for the data. If so, this check ensures the selected PCRs contain values
that match the ones measured during provisioning.
A typical scenario for an enterprise using these tools follows. The tools expect AIKs to be referenced via one enterprise-wide Universally
Unique Identifier (UUID). The program tpm_mkuuid creates one.
For each machine being checked, an AIK is created using tpm_mkaik. The key blob produced is bound to the UUID on its machine using
tpm_loadkey. The public key associated with the AIK is sent to the entities that verify quotes. Finally, the expected PCR composite hash
is obtained using tpm_getpcrhash. When the expected PCR values change, a new hash can be generated with tpm_updatepcrhash.
The program to obtain a quote, and thus measure the current state of the PCRs, is tpm_getquote. The program that verifies that the
quote describes the same PCR composite hash as was measured initially is tpm_verifyquote.
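
The nonce-substitution check described above, as an added example that is not part of this manual page or of the TPM Quote Tools source: a Python model of provisioning, quoting and verifying. The signed-data layout is simplified (not the TPM wire format), the RSA key built from two Mersenne primes is a constructed, insecure stand-in for the AIK, and all function names are hypothetical.

```python
import hashlib
import os
import struct

# Toy RSA key standing in for the AIK (constructed from two Mersenne primes, NOT secure).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays on the quoted machine

def composite_hash(pcrs):
    """SHA-1 over the selected PCR indices and values (simplified layout)."""
    h = hashlib.sha1()
    for idx in sorted(pcrs):
        h.update(struct.pack(">H", idx) + pcrs[idx])
    return h.digest()

def signed_data(pcrs, nonce):
    """Data covered by the quote: PCR selection, composite hash, 20-byte nonce."""
    sel = b"".join(struct.pack(">H", i) for i in sorted(pcrs))
    return struct.pack(">H", len(pcrs)) + sel + composite_hash(pcrs) + nonce

def _digest_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def tpm_quote(pcrs, nonce):
    """Machine side: sign the current PCR state plus the verifier's nonce."""
    return pow(_digest_int(signed_data(pcrs, nonce)), D, N)

def provision(pcrs):
    """Provisioning: keep the signed data (placeholder nonce), discard the signature."""
    return signed_data(pcrs, bytes(20))

def verify_quote(stored, nonce, signature):
    """Verifier side: put the fresh nonce into the stored data, then check the signature."""
    expected = stored[:-20] + nonce
    return pow(signature, E, N) == _digest_int(expected)

# Constructed sample PCR values (20-byte SHA-1 digests).
GOOD = {0: hashlib.sha1(b"firmware").digest(), 4: hashlib.sha1(b"bootloader").digest()}
BAD = {**GOOD, 4: hashlib.sha1(b"modified bootloader").digest()}

def demo():
    stored = provision(GOOD)
    n1, n2 = os.urandom(20), os.urandom(20)
    sig = tpm_quote(GOOD, n1)
    return (verify_quote(stored, n1, sig),                 # unchanged PCRs, fresh nonce
            verify_quote(stored, n2, sig),                 # old quote replayed for a new nonce
            verify_quote(stored, n2, tpm_quote(BAD, n2)))  # PCR 4 no longer matches

if __name__ == "__main__":
    print(demo())
```

The verifier never needs the current PCR values themselves: a signature that validates over the stored data with the fresh nonce is the evidence that they are unchanged.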
SEE ALSO
tpm_mkuuid(8), tpm_mkaik(8), tpm_loadkey(8), tpm_unloadkey(8), tpm_getpcrhash(8), tpm_updatepcrhash(8), tpm_getquote(8), tpm_verifyquote(8)
Oct 2010 TPM QUOTE TOOLS(8)