Git Product home page Git Product logo

fsguard's Introduction

FsGuard

Guarding your filesystem

Building

Dependencies:

  • go

simply run build.sh to build the project and append the testing signature.

This will ensure that FsGuard is able to run properly by fetching signatures

Deploying

Filelist

FsGuard needs a filelist containg the sha1sum and suid permission of every binary to scan, an example file can be found here. A bash oneliner to create an entry for this file could look like this:

echo $(sha1sum /path/to/binary | sed 's/  / /g') $(ls -al /path/to/binary | awk 'BEGIN{FS=" "}; {print $1};' | grep s > /dev/null && echo "true" || echo "false")

This Filelist can be placed anywhere, as long as FsGuard has access to it when it launches.

Signing the Filelist

FsGuard expects a minisign signature and filelist to be appended to the binary. An example signature "set" can be found here. A signature set can be generated and added to FsGuard with these commands:

# Signing the filelist
minisign -G
minisign -Sm /path/to/filelist

# Generate the signature set
touch /path/to/signature
echo -e "----begin attach----" >> /path/to/signature
cat /path/to/filelist.minisign >> /path/to/signature
echo -e "----begin second attach----" >> /path/to/signature
cat ./minisign.pub >> /path/to/signature

# Append the signature set to the FsGuard binary
cat /path/to/signature >> /path/to/FsGuard

Launching FsGuard

As an init

FsGuard automatically starts the verification if it detects that it is a specific binary. This binary name and path can be set with the InitLocation property in the config/config.go file.

Additionally, FsGuard automatically starts a proper init once it completed the verification process. The init it launches can be controlled with the PostInitExec property in config/config.go.

As a pre-init script

FsGuard can also be started in a bash script that gets launched as an init, in this case, FsGuard works like a regular cli application and accepts the filelist location as an argument. A possible pre-init script could look like this:

#!/usr/bin/bash
FsGuard verify /path/to/filelist
exec /path/to/init

Make sure to launch the proper init using exec, some init systems like systemd will refuse to launch if they are not pid1, exec makes sure that the init script "drops" its pid and systemd is able to claim it.

Reporting issues

When reporting issues you encounter with FsGuard, please make sure to include the config.go file and how FsGuard gets launched.

fsguard's People

Contributors

axtloss avatar mirkobrombin avatar kbdharun avatar matbme avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.