Security. Allow to run only executables with certain hash
Please make a system app, that will prevent strange executables and
wrappers to be launched.
For developers:
1. this app must allow an execution only executables with certain
hashes and deny execution of files, hashes of which are not prescribed
in a control file.
2. the control file (of list of allowed executables and their hashes)
and a configuration file of the app may be changed by 2 factor
authentication (by sending an email with 8-digits 1-hour living
password***** (do not forget a delay of 5 seconds against guessing the
password)) after a first configuration.
3. by installation of the app there must be a prompt to enter an email
for 2 factor authentication process, email server settings for ability
to send an email for 2 factor authentication.
4. for building a control file the app scans for all executables in
the os, makes their (for example, sha1) hashes and writes full path
and hash of each of them to the control file.
5. for stopping or killing the app must be the 2 factor authentication
I suppose, too (or write the source code of /bin/kill binary so that
if it is the app then nothing to do (pretermit action), but the
original `/bin/kill` binary one can copy to a usb flash drive with a
different name (for example, /media/ubuntu/usbflash/flwr) and if one
needs to kill the app then he connects the usb flash and copies that
binary /media/ubuntu/usbflash/flwr to the system and launches against
the app (but for prevent a theft of /media/ubuntu/usbflash/flwr using
for example, sh -c "while:; do sleep 10; inotifywait -rmq -e access
/media/ubuntu/usbflash/ | while read line; do cp $line /path/to/;done;
done" source code of /bin/cp or /bin/mv files can be written so that
they can copy or move /media/ubuntu/usbflash/flwr file only to
special path on the system not to somewhere else)).
Reply to: