Enforcer is a Linux security module designed to help improve the integrity of a computer running Linux. The Enforcer provides a subset of Tripwire-like functionality. It runs continuously, and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer is designed to integrate with TCPA hardware to provide a secure boot when booted with a TCPA-enabled boot loader. TCPA hardware can protect secrets and other sensitive data (for example, the secrets for an encrypted loopback file system) and bind those secrets to specific software.
Tags: Security, Operating System Kernels, Linux, Monitoring, Boot
Operating Systems: POSIX, Linux
Release Notes: An administration tool that makes setup easy has been added. Each file can now be checked on its UID, GID, mode, mtime, nlink, size, and SHA1, and specific attributes can be ignored on specific files. Certain files can be bound so that only specified applications can access them, and access can be denied to files that were added to specified directories after the database was built. Debian/unstable packages are available.
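The checks listed above (per-file UID, GID, mode, mtime, nlink, size and SHA1 against a stored baseline, a per-file list of ignored attributes, and rejection of files that appear in a protected directory after the database was built) are the core of Tripwire-like integrity checking. The following user-space Python script is an added illustration written for this page; it is not the Enforcer's code, which performs this comparison inside the kernel when a protected file is opened. The file names, the ignore list and the tampering scenario are constructed for the demonstration.

```python
"""Tripwire-style file integrity checking in user space.

Added illustration for this page, not the Enforcer module's own code: it
mirrors the checks the description lists (UID, GID, mode, mtime, nlink,
size, SHA1), the per-file attribute ignore list, and the rule that files
added to a protected directory after the database was built are rejected.
The Enforcer does this in the kernel at open() time; here the check is a
function the caller runs before trusting a file.
"""
import hashlib
import os
import stat
import tempfile

# Attributes stored per file, in the order mismatches are reported.
ATTRIBUTES = ("uid", "gid", "mode", "mtime", "nlink", "size", "sha1")


def sha1_of(path):
    """SHA1 of the file contents, read in chunks so large files stay cheap."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path):
    """Record the attributes the database stores for one file."""
    st = os.stat(path)
    return {
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only
        "mtime": int(st.st_mtime),
        "nlink": st.st_nlink,
        "size": st.st_size,
        "sha1": sha1_of(path),
    }


def build_database(paths, protected_dirs=(), ignore=None):
    """Baseline: expected attributes per file, each file's ignore list, and the
    membership of every protected directory frozen at build time."""
    ignore = ignore or {}
    return {
        "files": {p: {"expected": snapshot(p), "ignore": sorted(ignore.get(p, ()))}
                  for p in paths},
        "protected_dirs": {d: sorted(os.listdir(d)) for d in protected_dirs},
    }


def verify_file(path, database):
    """Return the attributes that differ from the baseline (empty list = clean).
    Attributes on the file's ignore list are not compared."""
    entry = database["files"].get(path)
    if entry is None:
        return ["not in database"]
    current = snapshot(path)
    ignored = set(entry["ignore"])
    return [a for a in ATTRIBUTES
            if a not in ignored and current[a] != entry["expected"][a]]


def new_files_in(dirpath, database):
    """Files present now that were not in the directory when the database was
    built; access to these is what the Enforcer denies."""
    baseline = set(database["protected_dirs"].get(dirpath, ()))
    return sorted(set(os.listdir(dirpath)) - baseline)


def demo():
    """Constructed scenario in a temporary directory; returns the verdicts."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")
        log = os.path.join(d, "app.log")
        for p, body in ((conf, b"debug=0\n"), (log, b"started\n")):
            with open(p, "wb") as f:
                f.write(body)
        # The log legitimately grows, so its changing attributes are ignored,
        # as the per-file ignore list in the release notes allows.
        db = build_database([conf, log], protected_dirs=[d],
                            ignore={log: ("mtime", "size", "sha1")})
        clean = (verify_file(conf, db), verify_file(log, db))

        with open(log, "ab") as f:          # normal log growth: tolerated
            f.write(b"request handled\n")
        with open(conf, "wb") as f:         # same-size edit of a protected file
            f.write(b"debug=1\n")
        os.utime(conf, (1_000_000_000, 1_000_000_000))  # make the mtime change visible
        with open(os.path.join(d, "unexpected.bin"), "wb") as f:  # added after build
            f.write(b"\x00")
        return {
            "clean": clean,
            "log_after_growth": verify_file(log, db),
            "conf_after_tamper": verify_file(conf, db),
            "new_files": new_files_in(d, db),
        }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The same-size edit of `app.conf` is deliberate: it shows why a size check alone is not enough and why the SHA1 (and mtime) are compared as well, while the ignore list keeps the growing log from producing false alarms.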
Release Notes: Updates were made to take advantage of Linux 2.6+ kernel features such as native kernel crypto and the new build system. This means that this release only works with 2.6+ kernels. Some bugs were squashed, and some features were added. A user-space helper was written to mount an encrypted loopback filesystem whose encryption key is the secret protected by the TPM. Some stand-alone programs that implement TCPA functions such as MakeIdentity, CertifyKey, etc. were written.
No changes have been submitted for this release.