- imds-filterd Provides per user/group access controls to the EC2 IMDS
- 0.1 security =0 0.1Version of this port present on the latest quarterly branch.
- Maintainer: cperciva@FreeBSD.org
- Port Added: 2020-01-27 09:01:24
- Last Update: 2021-04-07 08:09:01
- Commit Hash: cf118cc
- License: BSD2CLAUSE
- imds-filterd (pronounced "I M D S Filter D") is a pair of utilities which
work together to intercept and filter requests to the EC2 Instance Metadata
Service -- or theoretically any other service at 169.254.169.254:80.
It validates requests against a configured ruleset which specifies whether
given users and groups should be allowed or denied access to certain prefixes
in the Instance Metadata Service. For example, "root" could be granted
access to everything; most unprivileged users granted access to everything
except IAM role credentials; but the www user denied access to the entire
Instance Metadata Service in order to guard against SSRF and similar attacks.
- SVNWeb : git : Homepage
- pkg-plist: as obtained via:
- Dependency lines:
- To install the port: cd /usr/ports/security/imds-filterd/ && make install clean
- To add the package, run one of these commands:
- pkg install security/imds-filterd
- pkg install imds-filterd
- PKGNAME: imds-filterd
- Flavors: there is no flavor information for this port.
- TIMESTAMP = 1580074291
SHA256 (cperciva-imds-filterd-0.1_GH0.tar.gz) = e0e8b28046b2a917e110d1313242947aa6901635e81552107ab2f6a2fba83441
SIZE (cperciva-imds-filterd-0.1_GH0.tar.gz) = 64011
- Packages (timestamps in pop-ups are UTC):
- There are no ports dependent upon this port
- Configuration Options:
- ===> The following configuration options are available for imds-filterd-0.1:
DOCS=on: Build and/or install documentation
===> Use 'make config' to modify these settings
- Options name:
- If installing:
- To enable imds-filterd, add imds_filterd_enable=YES to /etc/rc.conf.
To configure imds-filterd, edit $PREFIX/etc/imds.conf.
imds-filterd ships with configurations for syslogd and newsyslog which log
accesses to the Instance Metadata Service to /var/log/imds.log and rotate
this file upon reaching 1 MB; these settings can be modified via
- Master Sites:
Number of commits found: 3
|Commit History - (may be incomplete: see SVNWeb link above for full details)
|07 Apr 2021 08:09:01
One more small cleanup, forgotten yesterday.
Reported by: lwhsu
|06 Apr 2021 14:31:07
Remove # $FreeBSD$ from Makefiles.
|27 Jan 2020 09:01:16
The imds-filterd tool allows administrators of EC2 instances to lock down
which data from the Instance Metadata Service can be accessed by specified
system users and groups, thereby making the EC2 Instance Metadata Service
compatible with traditional UNIX privilege separation.
Reviewed by: otis, dizzy, lwhsu
Sponsored by: Tarsnap Backup Inc.
Number of commits found: 3