author | Colin Percival <cperciva@FreeBSD.org> | 2020-01-27 09:01:16 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2020-01-27 09:01:16 +0000 |
commit | c229fb7438bb19523ec1dfd2ed63f83a4976a5e5 (patch) | |
tree | 0d8260b154a3819d6a2528bfde1e20a2947d81c8 /security/imds-filterd/pkg-descr | |
parent | d845b59c1abb0881f655545f097e16f336330d0e (diff) | |
Add imds-filterd.
The imds-filterd tool allows administrators of EC2 instances to lock down
which data from the Instance Metadata Service can be accessed by specified
system users and groups, thereby making the EC2 Instance Metadata Service
compatible with traditional UNIX privilege separation.
Reviewed by: otis, dizzy, lwhsu
Sponsored by: Tarsnap Backup Inc.
Notes:
svn path=/head/; revision=524248
Diffstat (limited to 'security/imds-filterd/pkg-descr')
-rw-r--r-- | security/imds-filterd/pkg-descr | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/imds-filterd/pkg-descr b/security/imds-filterd/pkg-descr new file mode 100644 index 000000000000..af8b6b6a54ee --- /dev/null +++ b/security/imds-filterd/pkg-descr @@ -0,0 +1,12 @@ +imds-filterd (pronounced "I M D S Filter D") is a pair of utilities which +work together to intercept and filter requests to the EC2 Instance Metadata +Service -- or theoretically any other service at 169.254.169.254:80. + +It validates requests against a configured ruleset which specifies whether +given users and groups should be allowed or denied access to certain prefixes +in the Instance Metadata Service. For example, "root" could be granted +access to everything; most unprivileged users granted access to everything +except IAM role credentials; but the www user denied access to the entire +Instance Metadata Service in order to guard against SSRF and similar attacks. + +WWW: http://github.com/cperciva/imds-filterd |
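Review bot: the WWW line at the end of pkg-descr points at http://github.com/cperciva/imds-filterd; use the https:// form so the homepage link for a security port is not given as a cleartext URL. In the first paragraph, "a pair of utilities which work together" does not name either utility or say which one intercepts and which one filters, so a sentence naming the two programs and their roles would help. The second paragraph describes the ruleset by example only (root, unprivileged users, www) and does not say what happens to a request that matches no rule; stating the default (allow or deny) in the description would make the security behaviour clear to someone reading the package description before installing.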