
Remeasuring files with Linux IMA

I am trying to set up Linux IMA in RHEL with the help of this guide http://linux-ima.sourceforge.net/linux-ima-content.html-20110907 . I would like to set up the system such that sensitive files of my choosing are remeasured if the file has changed (I'm stuck in the section relating to re-measuring files). My /etc/fstab looks like this:

UUID=c8dbe0a9-8c0c-4aba-adff-bcf2dd4640da / ext4,iversion defaults 1 1

UUID=b1762b74-d517-4293-8b49-cdc06b94d78c /boot ext3 defaults 1 2

UUID=8c6b8003-7176-4cf4-ae23-a124f8768c36 swap swap defaults 0 0

When I check the measurement list, in /sys/kernel/security/ima/ascii_runtime_measurements I only see one entry as below:

10 3f0d6c1e772444096d975aba704a10e4820eabab ima 7b739f0b35c61d68bd664d352b6631c366aee34f boot_aggregate

I do not observe any other measurements showing up, even if I change some files in /etc/ or do other actions. Any thoughts on what could be going wrong?

asked Dec 02 '16 03:12

DaTaBomB


1 Answer

You should provide the kernel with an IMA policy.

"ima_tcb" is the default policy, which can be specified as a command-line argument to the kernel (https://sourceforge.net/p/linux-ima/wiki/Home/#controlling-ima).

If you need to specify your own policy, you should put it into <securityfs>/ima/policy (https://sourceforge.net/p/linux-ima/wiki/Home/#defining-an-lsm-specific-policy).

answered Oct 13 '22 09:10

gentooise
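
A check for the situation in this question and answer, as an added example that is not part of the original post: it tells apart "no policy selected at boot" from "policy selected but nothing measured yet". The function names are hypothetical, the sample kernel command line is constructed, and `ima_policy=` is the newer kernel parameter form, which the page does not mention.

```shell
#!/bin/sh
# Added example: why does the IMA measurement list hold only boot_aggregate?
# Paths are parameters so the functions also work on saved copies of the files.

# Print the policy-selecting kernel parameters found in a cmdline file
# (ima_tcb, or ima_policy=<name>); returns non-zero when there are none.
ima_cmdline_policy() {
    tr ' ' '\n' < "$1" | grep -E '^(ima_tcb|ima_policy=.+)$'
}

# Count measurement entries other than boot_aggregate. Line format of the
# "ima" template: PCR template-hash template-name file-hash path
ima_measured_files() {
    awk 'NF && $NF != "boot_aggregate" { n++ } END { print n + 0 }' "$1"
}

# Verdict: measuring | policy-but-no-measurements | no-boot-policy
# (a policy written to securityfs after boot does not show in the cmdline)
ima_diagnose() {
    count=$(ima_measured_files "$2")
    if [ "$count" -gt 0 ]; then
        echo "measuring"
    elif ima_cmdline_policy "$1" >/dev/null; then
        echo "policy-but-no-measurements"
    else
        echo "no-boot-policy"
    fi
}

# Constructed sample reproducing the question: a command line without any IMA
# parameter (constructed) and the single measurement line quoted on the page.
ima_write_sample() {
    echo 'ro root=/dev/sda1 quiet' > "$1/cmdline"
    echo '10 3f0d6c1e772444096d975aba704a10e4820eabab ima 7b739f0b35c61d68bd664d352b6631c366aee34f boot_aggregate' > "$1/measurements"
}

# On a live system (reading securityfs needs root):
m=/sys/kernel/security/ima/ascii_runtime_measurements
if [ -r "$m" ]; then
    ima_diagnose /proc/cmdline "$m"
fi
```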