check out raven
This commit is contained in:
parent
dcbbede792
commit
03f37e3c74
@ -32,7 +32,7 @@ sudo tang-show-keys /var/db/tang
|
|||||||
- Client verifies Tang's identity through signed advertisements
|
- Client verifies Tang's identity through signed advertisements
|
||||||
|
|
||||||
### Request Logging
|
### Request Logging
|
||||||
To log all unlock requests (for future approval system):
|
To log all unlock requests:
|
||||||
|
|
||||||
1. Create a wrapper script:
|
1. Create a wrapper script:
|
||||||
```bash
|
```bash
|
||||||
@ -49,6 +49,8 @@ exec /usr/libexec/tangd "$@"
|
|||||||
echo "$TIMESTAMP: Request auto-approved" >> /var/log/tang-requests.log
|
echo "$TIMESTAMP: Request auto-approved" >> /var/log/tang-requests.log
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Or use the wrapper provided by [raven](https://git.dominik-roth.eu/dodox/raven) to refuse unlocks upon it's activation.
|
||||||
|
|
||||||
2. Make it executable:
|
2. Make it executable:
|
||||||
```bash
|
```bash
|
||||||
sudo chmod +x /usr/local/bin/tangd-wrapper
|
sudo chmod +x /usr/local/bin/tangd-wrapper
|
||||||
|
|||||||
@ -16,6 +16,8 @@ Secure Fedora Server setup with LUKS encryption, TPM, and BTRFS RAID1 with focus
|
|||||||
- Dedicated database subvolume with `nodatacow` and `noatime`
|
- Dedicated database subvolume with `nodatacow` and `noatime`
|
||||||
- Automated deployment to Hetzner
|
- Automated deployment to Hetzner
|
||||||
|
|
||||||
|
If you need a dead man's switch to go along with it check out [raven](https://git.dominik-roth.eu/dodox/raven).
|
||||||
|
|
||||||
## Security Model
|
## Security Model
|
||||||
|
|
||||||
### Unlock Methods
|
### Unlock Methods
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user