The Keylime integrity verification system currently operates on a pull, or server-initiated, basis whereby a verifier directs a number of enrolled nodes to attest their state to the server on a periodic basis. This model is not appropriate for enterprise environments, as each attested node thereby acts as an HTTP server. The requirement to open additional ports for each node and the associated increase in attack surface is unacceptable from a compliance and risk management perspective.
This document aims to outline the challenges that need to be overcome in order to support an alternate push model in which the nodes themselves are responsible for driving the attestation cycle. These include changes to the registration, enrolment and attestation protocols. We hope to elicit feedback from the Keylime community on these topics to arrive at a robust, forward-thinking solution which considers the latest developments in verification.
Thore Sommer (@THS-on) has p
DigitalOcean droplets (aka VMs) are configured to use the system's root account directly when accessing them over SSH. This is different from AWS EC2's (arguably better) approach of creating a new user account (called "ec2-user") upon instance creation.
The script below will:
- create a new user account with root privileges,
- copy the authorized SSH keys from the root user, and
- disable SSH root login.
I hereby claim:
- I am stringlytyped on github.
- I am stringlytyped (https://keybase.io/stringlytyped) on keybase.
- I have a public key whose fingerprint is B2F9 7942 D842 74B2 EB23 5D18 75F9 C61A AB58 277C
To claim this, I am signing this object: