2004-04-09: Version 0.4 Beta available for download
(Debian/unstable packages available).
2003-12-08: Version 0.3 Alpha available for download.
2003-09-08: Version 0.2 Alpha available for download.
The Enforcer is a Linux Security Module designed to improve the integrity of a computer running Linux by ensuring that the file system has not been tampered with. It can interact with TCPA hardware to provide higher levels of assurance for software and sensitive data.
It can check, as every file is opened, whether the file has been changed, and take an admin-specified action when it detects tampering. The actions can be any combination of logging the error, denying access to the file, panicking the system, or several operations that work with the TPM.
The Enforcer can also work with the TPM to store the secret to an encrypted loopback file system, and unmount this file system when a tampered file is detected. The secret will not be accessible to mount the loopback file system until the machine has been rebooted with untampered files. This allows sensitive data to be protected from an attacker.
The Enforcer can also bind specific files so that only specific applications can access them (for example, only Apache is allowed to access Apache's secret SSL key). This means that even if someone compromises your system, the attacker will not be able to steal critical files.
Finally, the Enforcer can deny access to any file that was added to a directory after its database was built.
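The check-on-open behaviour and the handling of files added after the database was built can be modelled in user space as follows. This is an added illustration, not the Enforcer's code: the real module enforces this in the kernel, and the database layout, the use of SHA-256 and every name below (`build_database`, `checked_open`, `TamperDetected`) are assumptions made for the example.

```python
import hashlib
import os

LOG, DENY = "log", "deny"  # two of the actions the page lists


class TamperDetected(PermissionError):
    """Raised when the policy for a failed check includes DENY."""


def digest_of(fh):
    """SHA-256 of an already-open binary file; rewinds it afterwards."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fh.read(65536), b""):
        h.update(chunk)
    fh.seek(0)
    return h.hexdigest()


def build_database(root, actions=(LOG, DENY)):
    """Record a digest and an action set for every file under root."""
    root = os.path.realpath(root)
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.realpath(os.path.join(dirpath, name))
            with open(path, "rb") as fh:
                files[path] = {"digest": digest_of(fh), "actions": tuple(actions)}
    return {"root": root, "files": files}


def checked_open(path, db, log, unknown_actions=(LOG, DENY)):
    """Open path for reading, applying the policy if verification fails."""
    real = os.path.realpath(path)
    fh = open(real, "rb")  # hash the handle we return, not a second open
    entry = db["files"].get(real)
    if entry is None:
        if os.path.commonpath([real, db["root"]]) != db["root"]:
            return fh  # outside the protected tree: not covered
        reason, actions = "not in database", unknown_actions
    elif digest_of(fh) != entry["digest"]:
        reason, actions = "digest mismatch", entry["actions"]
    else:
        return fh  # contents match the recorded digest
    if LOG in actions:
        log.append((real, reason))
    if DENY in actions:
        fh.close()
        raise TamperDetected(f"{real}: {reason}")
    return fh
```

Unlike the kernel module, a user-space wrapper like this only protects callers that choose to go through it, and the database itself must be stored where an attacker cannot rewrite it.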
See the Dartmouth College Technical Report TR2003-476 for more information.
Files can be downloaded from SourceForge.
Please note that this is an early beta release. Please report any bugs/issues you have via the SourceForge bug tracking system.
SOURCEFORGE PROJECT HOME PAGE: http://sourceforge.net/projects/enforcer/