Operating system security - 2langnic/GlobaLeaks GitHub Wiki
GlobaLeaks implements several security features that are enforced through the Operating System (Linux).
GlobaLeaks runs under a dedicated user and group, "globaleaks", and by default is able to read/write only in the /var/globaleaks/ directory, where all the data managed by the application is stored.
This is implemented by Debian packaging configuration.
GlobaLeaks has very strict firewall rules that only allow inbound and outbound connections from 127.0.0.1 (where Tor is running with the Tor Hidden Service).
This is implemented with iptables, part of /etc/init.d/globaleaks startup script.
GlobaLeaks automatically applies network sandboxing to all outbound communications, which are automatically "torrified" (sent through Tor), whether they are outbound TCP connections or DNS queries for name resolution.
This is implemented with iptables, part of /etc/init.d/globaleaks startup script.
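The following is an added example, not the GlobaLeaks init script: a shell function that emits iptables rules of the shape described above (loopback-only inbound, outbound TCP and DNS of the service account redirected into Tor, everything else rejected). The Tor port numbers (TransPort 9040, DNSPort 5353) and the "debian-tor" account name are assumptions that must match the local torrc; the function only prints the commands so the rule set can be reviewed and tested without root.

```shell
#!/bin/sh
# Added example: print an iptables rule set that confines a service account to
# Tor. Ports and the Tor user are assumptions (see lead-in), overridable by env.
GL_USER="${GL_USER:-globaleaks}"
TOR_USER="${TOR_USER:-debian-tor}"        # assumption: Debian's Tor service user
TOR_TRANS_PORT="${TOR_TRANS_PORT:-9040}"  # assumption: Tor TransPort in torrc
TOR_DNS_PORT="${TOR_DNS_PORT:-5353}"      # assumption: Tor DNSPort in torrc

gl_rules() {
    # Closed posture first: nothing in, nothing out, no forwarding.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -F"
    echo "iptables -t nat -F"
    # Inbound: loopback only; the hidden service reaches the app from 127.0.0.1.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Torrify the service account: its DNS queries go to Tor's DNSPort and each
    # new TCP connection is redirected to Tor's TransPort on loopback.
    echo "iptables -t nat -A OUTPUT -m owner --uid-owner $GL_USER -p udp --dport 53 -j REDIRECT --to-ports $TOR_DNS_PORT"
    echo "iptables -t nat -A OUTPUT -m owner --uid-owner $GL_USER -p tcp --syn -j REDIRECT --to-ports $TOR_TRANS_PORT"
    # Redirected traffic now targets 127.0.0.1 and leaves via lo; only the Tor
    # process itself may open connections to the outside world.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Any other egress (other users, non-TCP protocols, leaks) fails fast.
    echo "iptables -A OUTPUT -j REJECT"
}

gl_rules
```

Apply with `gl_rules | sh` as root once the Tor ports and user have been confirmed against the running configuration.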
GlobaLeaks is strictly sandboxed by the use of AppArmor, which prevents the application from reading/writing outside what is strictly required to run and from executing other applications. Even in case of an application break-in, this makes it extremely difficult for the attacker to do anything on the system.
This feature is detailed further here.
GlobaLeaks is distributed as a Debian package that is digitally signed with the GlobaLeaks Signing Key. This allows globaleaks to be securely installed and upgraded. The Installation Guide explains how to do it.
Every software release is signed in two ways:
A tag is created upon release on GlobaLeaks.git. These tags are signed with the personal PGP key of the developer signing the release.
The Debian repository is then signed using the method described in the Securing Debian HOWTO.
The PGP key being used is the following:
pub 4096R/24045008 2013-04-16 [expires: 2016-04-07]
Key fingerprint = B353 922A E445 7748 559E 7778 32E6 7926 2404 5008
uid GlobaLeaks software signing key <[email protected]>
sub 4096R/9D111F84 2013-04-16 [expires: 2016-04-07]