{"id":22325113,"url":"https://github.com/rogercoll/go-lsm","last_synced_at":"2025-03-26T05:44:05.460Z","repository":{"id":57626226,"uuid":"401099403","full_name":"rogercoll/go-lsm","owner":"rogercoll","description":"Check and modify basic features of different Linux Security Modules. WIP","archived":false,"fork":false,"pushed_at":"2021-09-03T13:13:48.000Z","size":29,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-20T14:52:48.122Z","etag":null,"topics":["golang","linux-security-module","lsm"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rogercoll.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-29T17:17:13.000Z","updated_at":"2021-09-03T13:13:51.000Z","dependencies_parsed_at":"2022-08-31T07:11:21.167Z","dependency_job_id":null,"html_url":"https://github.com/rogercoll/go-lsm","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogercoll%2Fgo-lsm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogercoll%2Fgo-lsm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogercoll%2Fgo-lsm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogercoll%2Fgo-lsm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rogercoll","download_url":"https://codeload.github.com/rogercoll/go-lsm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245598310,"owners_count":20641884,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","linux-security-module","lsm"],"created_at":"2024-12-04T02:10:21.025Z","updated_at":"2025-03-26T05:44:05.434Z","avatar_url":"https://github.com/rogercoll.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go Linux Security Modules\n\n[![Build Status](https://github.com/rogercoll/go-lsm/workflows/Lint%20and%20Test/badge.svg)](https://github.com/rogercoll/go-lsm/actions?workflow=Lint%20and%20Test)\n[![GoDoc](https://godoc.org/github.com/rogercoll/go-lsm?status.svg)](https://godoc.org/github.com/rogercoll/go-lsm)\n\nGo-wrapper around **Linux Security Modules** basic operations. \n\n## Coverage\n\n- [x] AppArmor\n- [x] Lockdown\n- [ ] LoadPin\n- [ ] SELinux\n- [ ] Smack\n- [ ] TOMOYO\n- [x] Yama\n\n## Install\n\nIn order to intercat with SELinux we need the `selinux.h` header file in our system.\n\nDebian:\n\n```\napt install libselinux1-dev\n```\n\n## Usage\n\n```go\nimport \"github.com/rogercoll/go-lsm\"\n```\n\nConstruct a new LSM config, then use the various methods to access different parts of the system Linux Security modules configuration. For example, to get all loaded security modules:\n\n```go\nl, err := lsm.NewDefaultConfig()\nif err != nil {\n  log.Fatalf(\"Failed to create default config: %v\", err)\n}\nmodules, err := l.GetLoadedModules()\n```\n\n### Loaded VS Active\n\nMultiple linux security modules can loaded in a system, but they can not be enabled. With the default configuration some of the modules would be loaded but not actually securing the system, as they might need a more restrictive configuration. \n\nFor example, `lockdown` can be loaded but with no additional configuration no security tasks are performed, thus it is not active.\n\nA function is provided for each covered lsm to check whether it is active with at least the less restrictive mode (but still restrictive!) or not, for example:\n\n```go\nyactive, err := l.IsYamaActive()\nif err != nil {\n  log.Fatalf(\"Failed to check whether yama is securing the system or not: %v\", err)\n}\nlactive, err := l.IsLockdownActive()\n...\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frogercoll%2Fgo-lsm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frogercoll%2Fgo-lsm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frogercoll%2Fgo-lsm/lists"}