Guaranteeing running code is signed

Jesse Keating jkeating at redhat.com
Sun May 10 16:47:28 UTC 2009


On Sat, 2009-05-09 at 21:36 +0300, Ahmed Kamal wrote:
> Is there any technology in fedora, that enables me to ensure that ALL
> running code on a certain server (even code not installed from RPMs, such as
> say by a legacy admin), has been signed by redhat, and to warn me about
> un-signed code that is running or about to run. I am interested to verify a
> server is in a "known-good" state

1) look into "FIPS mode"

2) rpm --query --all --verify

3) System fingerprinting tools such as AIDE

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090510/0df9f119/attachment.sig>


More information about the fedora-devel-list mailing list