Port details |
- imds-filterd: Provides per user/group access controls to the EC2 IMDS
- Version: 0.1, category: security (version of this port present on the latest quarterly branch: 0.1)
- Maintainer: cperciva@FreeBSD.org
- Port Added: 2020-01-27 09:01:24
- Last Update: 2022-09-07 21:58:51
- Commit Hash: fb16dfe
- License: BSD2CLAUSE
- WWW:
- https://github.com/cperciva/imds-filterd
- Description:
- imds-filterd (pronounced "I M D S Filter D") is a pair of utilities which
work together to intercept and filter requests to the EC2 Instance Metadata
Service -- or theoretically any other service at 169.254.169.254:80.
It validates requests against a configured ruleset which specifies whether
given users and groups should be allowed or denied access to certain prefixes
in the Instance Metadata Service. For example, "root" could be granted
access to everything; most unprivileged users granted access to everything
except IAM role credentials; but the www user denied access to the entire
Instance Metadata Service in order to guard against SSRF and similar attacks.
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via: make generate-plist
- Dependency lines:
- imds-filterd>0:security/imds-filterd
- To install the port:
- cd /usr/ports/security/imds-filterd/ && make install clean
- To add the package, run one of these commands:
- pkg install security/imds-filterd
- pkg install imds-filterd
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: imds-filterd
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1580074291
SHA256 (cperciva-imds-filterd-0.1_GH0.tar.gz) = e0e8b28046b2a917e110d1313242947aa6901635e81552107ab2f6a2fba83441
SIZE (cperciva-imds-filterd-0.1_GH0.tar.gz) = 64011
- This port has no dependencies.
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for imds-filterd-0.1:
DOCS=on: Build and/or install documentation
===> Use 'make config' to modify these settings
- Options name:
- security_imds-filterd
- pkg-message:
- For install:
- To enable imds-filterd, add imds_filterd_enable=YES to /etc/rc.conf.
To configure imds-filterd, edit $PREFIX/etc/imds.conf.
imds-filterd ships with configurations for syslogd and newsyslog which log
accesses to the Instance Metadata Service to /var/log/imds.log and rotate
this file upon reaching 1 MB; these settings can be modified via
$PREFIX/etc/{syslog.d, newsyslog.conf.d}/imds.conf.
Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
07 Sep 2022 21:58:51 |
Stefan Eßer (se) |
Remove WWW entries moved into port Makefiles
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner) |
0.1 07 Sep 2022 21:10:59 |
Stefan Eßer (se) |
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was transferred into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above) |
0.1 07 Apr 2021 08:09:01 |
Mathieu Arnold (mat) |
One more small cleanup, forgotten yesterday.
Reported by: lwhsu |
0.1 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
0.1 27 Jan 2020 09:01:16 |
cperciva |
Add imds-filterd.
The imds-filterd tool allows administrators of EC2 instances to lock down
which data from the Instance Metadata Service can be accessed by specified
system users and groups, thereby making the EC2 Instance Metadata Service
compatible with traditional UNIX privilege separation.
Reviewed by: otis, dizzy, lwhsu
Sponsored by: Tarsnap Backup Inc. |