These are a couple of scripts used to manage the digital signing of AIDE
databases. The script check_sign_aide.sh is installed on one central server,
where the various signatures will be managed and stored. The script uses SSH
to log in to each remote server using public-key authentication. Because these
operations need to happen as root on each remote machine, root's
authorized_keys file on each remote machine should have a forced command
something like the following for the key of the central server handling the
signing:
command="/root/bin/check_sign_aide_wrapper.sh",no-port-forwarding,no-X11-forwarding,no-pty,from="server.example.com"
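
A check for the entry shown above, as an added example that is not part of these scripts: it reports any authorized_keys line that lacks the options the sample entry carries. The file name audit_keys.sh is an assumption, and OpenSSH's "restrict" option is accepted in place of the individual no-* options.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries for the restrictions the README shows.
REQUIRED='command no-port-forwarding no-X11-forwarding no-pty from'

# Print the REQUIRED option names absent from one authorized_keys line.
missing_options() {
    printf '%s\n' "$1" | awk -v req="$REQUIRED" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        # Drop quoted values so spaces and commas inside them cannot split fields.
        gsub(/"([^"\\]|\\.)*"/, "", line)
        split(line, f, /[ \t]+/)
        # A line that starts with a key type has no option field at all.
        opts = (f[1] ~ /^(ssh-|ecdsa-|sk-)/) ? "" : f[1]
        n = split(tolower(opts), o, ",")     # option names are case-insensitive
        for (i = 1; i <= n; i++) { sub(/=.*/, "", o[i]); have[o[i]] = 1 }
        # "restrict" (OpenSSH 7.2+) turns on all the no-* restrictions at once.
        if ("restrict" in have)
            have["no-port-forwarding"] = have["no-x11-forwarding"] = have["no-pty"] = 1
        m = split(req, r, " ")
        out = ""
        for (i = 1; i <= m; i++)
            if (!(tolower(r[i]) in have)) out = out (out == "" ? "" : " ") r[i]
        print out
    }'
}

# Read authorized_keys text on stdin; report weak entries, return 1 if any.
audit_keys() {
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac   # blank line or comment
        miss=$(missing_options "$line")
        if [ -n "$miss" ]; then
            echo "line $n: missing $miss"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit_keys.sh /root/.ssh/authorized_keys
if [ "$#" -gt 0 ]; then
    audit_keys < "$1"
fi
```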