Jean Snyman stringlytyped

@stringlytyped
stringlytyped / keylime-agent-compile.md
Created December 1, 2023 11:44
Instructions for compiling the Keylime agent (Rust version) from source on Fedora

How to Compile the Keylime Agent on Fedora


Contents

Hello

Warning This is a warning

Hello

Note This is a note

@stringlytyped
stringlytyped / keylime-push-model.md
Last active September 18, 2023 12:02
Roadmap to Push Model Support in Keylime

Roadmap to Push Model Support in Keylime

The Keylime integrity verification system currently operates on a pull, or server-initiated, basis whereby a verifier directs a number of enrolled nodes to attest their state to the server on a periodic basis. This model is not appropriate for enterprise environments, as each attested node thereby acts as an HTTP server. The requirement to open additional ports for each node and the associated increase in attack surface is unacceptable from a compliance and risk management perspective.

This document aims to outline the challenges that need to be overcome in order to support an alternate push model in which the nodes themselves are responsible for driving the attestation cycle. These include changes to the registration, enrolment and attestation protocols. We hope to elicit feedback from the Keylime community on these topics to arrive at a robust, forward-thinking solution which considers the latest developments in verification.

Thore Sommer (@THS-on) has p

@stringlytyped
stringlytyped / README.md
Last active December 4, 2017 06:46
Disable Root Access

Disable Root Access on a DigitalOcean Droplet

DigitalOcean droplets (aka VMs) are configured to use the system's root account directly when accessing them over SSH. This is different from AWS EC2's (arguably better) approach of creating a new user account (called "ec2-user") upon instance creation.

The script below will:

  1. create a new user account with root privileges,
  2. copy the authorized SSH keys from the root user, and
  3. disable SSH root login.

@stringlytyped
stringlytyped / keybase.md
Last active March 25, 2018 13:55
Keybase Verification

Keybase proof

I hereby claim:

  • I am stringlytyped on github.
  • I am stringlytyped (https://keybase.io/stringlytyped) on keybase.
  • I have a public key whose fingerprint is B2F9 7942 D842 74B2 EB23 5D18 75F9 C61A AB58 277C

To claim this, I am signing this object: