Guaranteeing running code is signed
Jesse Keating
jkeating at redhat.com
Sun May 10 16:47:28 UTC 2009
On Sat, 2009-05-09 at 21:36 +0300, Ahmed Kamal wrote:
> Is there any technology in fedora, that enables me to ensure that ALL
> running code on a certain server (even code not installed from RPMs, such as
> say by a legacy admin), has been signed by redhat, and to warn me about
> un-signed code that is running or about to run. I am interested to verify a
> server is in a "known-good" state
1) look into "FIPS mode"
2) rpm --query --all --verify
3) System fingerprinting tools such as AIDE
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090510/0df9f119/attachment.sig>
More information about the fedora-devel-list
mailing list