On Mon, Jun 29, 2009 at 4:11 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
On Sat, 2009-06-27 at 12:45 +0600, waqar afridi wrote:
>
>
> On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak
> <subrata@linux.vnet.ibm.com> wrote:
>
>         On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
>         > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
>         > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
>         > > >
>         > > >
>         > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak
>         > > > <subrata@linux.vnet.ibm.com> wrote:
>         > > >         On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
>         > > >         > Hi All
>         > > >         >
>         > > >         > I have downloaded ltp-full-20090531.tgz and installed it using the
>         > > >         > commands make autotools, ./configure, make all, make install. But when
>         > > >         > I try to run a test like
>         > > >         >
>         > > >         > # ./ima_tpm.sh
>         > > >         > ./ima_tpm.sh: 163: source: not found
>         > > >         > ./ima_tpm.sh: 164: setup: not found
>         > > >         >
>         > > >         > I get the error above. What could be the problem? Desperately need
>         > > >         > help.

I'm not sure as the lines 163/164 from
http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh?revision=1.1&view=markup

 163
 164 # Function:     main

From ltp-full-20090531, could you run the tests as: "./runltp -f ima"?

Some messages similar to what Afridi reported like "source: not found" and "setup: not found" are still there. I am not snipping anything to be careful not to miss anything!

root@shaz-desktop:~/ltp-full-20090531# ./runltp -f ima
INFO: creating /home/shaz/ltp-full-20090531/output directory
INFO: creating /home/shaz/ltp-full-20090531/results directory
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.
 

Checking for required user/group ids

'nobody' user id and group found.
'bin' user id and group found.
'daemon' user id and group found.
Users group found.
Sys group found.
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=9.04
DISTRIB_CODENAME=jaunty
DISTRIB_DESCRIPTION="Ubuntu 9.04"
Linux shaz-desktop 2.6.30 #1 SMP Thu Jun 25 16:57:42 PKST 2009 i686 GNU/Linux
 

Required users/groups exist.
Gnu C                  gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3
Gnu make               3.81
util-linux             rc1)
mount                  rc1 (with libblkid support)
modutils               3.7-pre9
e2fsprogs              1.41.4
PPP                    2.4.5
Linux C Library        > libc.2.9
Dynamic linker (ldd)   2.9
Procps                 3.2.7
Net-tools              1.60
Kbd                    1.14.1
Sh-utils               6.10
Modules Loaded         aes_i586 aes_generic i915 binfmt_misc drm i2c_algo_bit ppdev bridge stp bnep video output lp parport snd_hda_codec_analog arc4 ecb snd_hda_intel ath5k snd_hda_codec snd_pcm_oss mac80211 snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq led_class snd_timer psmouse snd_seq_device cfg80211 snd serio_raw intel_agp soundcore pcspkr iTCO_wdt joydev snd_page_alloc agpgart iTCO_vendor_support ohci1394 ieee1394 usbhid e1000e

free reports:
             total       used       free     shared    buffers     cached
Mem:       3059264     527488    2531776          0      14980     262708
-/+ buffers/cache:     249800    2809464
Swap:            0          0          0

/proc/cpuinfo
processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Quad CPU    Q8200  @ 2.33GHz
stepping    : 10
cpu MHz        : 1998.000
cache size    : 2048 KB
physical id    : 0
siblings    : 4
core id        : 0
cpu cores    : 4
apicid        : 0
initial apicid    : 0
fdiv_bug    : no
hlt_bug        : no
f00f_bug    : no
coma_bug    : no
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm
bogomips    : 4665.57
clflush size    : 64
power management:

processor    : 1
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Quad CPU    Q8200  @ 2.33GHz
stepping    : 10
cpu MHz        : 1998.000
cache size    : 2048 KB
physical id    : 0
siblings    : 4
core id        : 1
cpu cores    : 4
apicid        : 1
initial apicid    : 1
fdiv_bug    : no
hlt_bug        : no
f00f_bug    : no
coma_bug    : no
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm
bogomips    : 4666.41
clflush size    : 64
power management:

processor    : 2
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Quad CPU    Q8200  @ 2.33GHz
stepping    : 10
cpu MHz        : 1998.000
cache size    : 2048 KB
physical id    : 0
siblings    : 4
core id        : 2
cpu cores    : 4
apicid        : 2
initial apicid    : 2
fdiv_bug    : no
hlt_bug        : no
f00f_bug    : no
coma_bug    : no
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm
bogomips    : 4666.43
clflush size    : 64
power management:

processor    : 3
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Quad CPU    Q8200  @ 2.33GHz
stepping    : 10
cpu MHz        : 1998.000
cache size    : 2048 KB
physical id    : 0
siblings    : 4
core id        : 3
cpu cores    : 4
apicid        : 3
initial apicid    : 3
fdiv_bug    : no
hlt_bug        : no
f00f_bug    : no
coma_bug    : no
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm
bogomips    : 4666.43
clflush size    : 64
power management:

remove test cases which require the block device.
You can specify it with option -b
-e LOG File: /home/shaz/ltp-full-20090531/results/LTP_RUN_ON-2009_Jun_29-11h_37m_39s.log
-e FAILED COMMAND File: /home/shaz/ltp-full-20090531/output/LTP_RUN_ON-2009_Jun_29-11h_37m_39s.failed
Running tests.......
<<<test_start>>>
tag=ima01 stime=1246253859
cmdline="  ima_measurements.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
/home/shaz/ltp-full-20090531/testcases/bin/ima_measurements.sh: 170: source: not found
/home/shaz/ltp-full-20090531/testcases/bin/ima_measurements.sh: 171: setup: not found
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
<<<test_start>>>
tag=ima02 stime=1246253859
cmdline="  ima_policy.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
/home/shaz/ltp-full-20090531/testcases/bin/ima_policy.sh: 158: source: not found
/home/shaz/ltp-full-20090531/testcases/bin/ima_policy.sh: 159: setup: not found
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
<<<test_start>>>
tag=ima03 stime=1246253859
cmdline="  ima_tpm.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
/home/shaz/ltp-full-20090531/testcases/bin/ima_tpm.sh: 163: source: not found
/home/shaz/ltp-full-20090531/testcases/bin/ima_tpm.sh: 164: setup: not found
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
<<<test_start>>>
tag=ima04 stime=1246253859
cmdline="  ima_violations.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
incrementing stop
/home/shaz/ltp-full-20090531/testcases/bin/ima_violations.sh: 178: source: not found
/home/shaz/ltp-full-20090531/testcases/bin/ima_violations.sh: 179: setup: not found
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=1
<<<test_end>>>
INFO: ltp-pan reported all tests PASS
LTP Version: LTP-20090531
       
       ###############################################################"
       
            Done executing testcases."
            LTP Version:  LTP-20090531
       ###############################################################"
      
root@shaz-desktop:~/ltp-full-20090531#
   
 


>         > > >
>         > > >         Look through:
>         > > >         http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README,
>         > > >         on instructions to setup before executing those tests.
>         > > >
>         > > > I have already done these steps, but I think the problem will be with
>         > > > mounting the partition with iversion support (I have done this too, added
>         > > > iversion to fstab). I am not clear about what iversion is, so that's why
>         > > > I am going to clear up my idea about iversion. But if somebody can help
>         > > > with both the problem and iversion, I will be very thankful.
>         > >
>         > > Mimi,
>         > >
>         > > Can you please help Afridi ?
>         > >
>         > > Regards--
>         > > Subrata
>         >
>         > Sure.  I'm in the process of updating the web site
>         > http://linux-ima.sourceforge.net/, but it is a good place to start.
>         > There are also IMA mailing lists
>         > http://sourceforge.net/projects/linux-ima.
>
>
>         Thanks. I am going to put this info as well on:
>         http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README
>
>
>         Regards--
>         Subrata
>
>
>         >
>         > Mimi
>         >
>         > > >
>         > > >
>         > > >
>         > > >         Regards--
>         > > >         Subrata
>         > > >
>         > > >         >
>         > > >         > --
>         > > >         > Waqar Afridi
>         > > >         > Research Associate
>         > > >         > Member: Security Engineering Research Group
>         (SERG)
>         > > >         > IM | Sciences Peshawar
>         > > >
>         > > >
>         > > >
>         > > >
>         > > >
>         > > > --
>         > > > Waqar Afridi
>         > > > Research Associate
>         > > > Member: Security Engineering Research Group (SERG)
>         > > > IM | Sciences Peshawar
>         > >
>         >
>
>
>
> I forgot to mention that I am using Ubuntu 9.04, and there is no
> auditd, but in the README it was stated that in case we have auditd
> then we will have to patch it. Do these things have something to do
> with it?

Without auditing, the msgs should be in /var/log/messages.

> The line of fstab is
>
> # / was on /dev/sda1 during installation
> UUID=4aff6b42-ccde-4a54-9b58-da77e94e8372 /               ext3    relatime,errors=remount-ro,iversion 0       1
>
> But I have also tried "mount -n -o remount,rw,iversion /" manually. It
> did not report any error. So what could be the problem?

Before adding i_version support, let's make sure the IMA measurement list
exists. You'll need to mount securityfs.  Add the following line
to /etc/fstab:

securityfs              /sys/kernel/security    securityfs defaults     0 0

As securityfs files can only be read by root, you'll need to view the
IMA measurement list as root:

su -c 'cat /sys/kernel/security/ima/ascii_runtime_measurements'

The first 10 lines should look something like this:

10 7971593a7ad22a7cce5b234e4bc5d71b04696af4 ima b5a166c10d153b7cc3e5b4f1eab1f71672b7c524 boot_aggregate
10 2c7020ad8cab6b7419e4973171cb704bdbf52f77 ima e09e048c48301268ff38645f4c006137e42951d0 /init
10 ef7a0aff83dd46603ebd13d1d789445365adb3b3 ima 0f8b3432535d5eab912ad3ba744507e35e3617c1 /init
10 247dba6fc82b346803660382d1973c019243e59f ima 747acb096b906392a62734916e0bb39cef540931 ld-2.9.so
10 341de30a46fa55976b26e55e0e19ad22b5712dcb ima 326045fc3d74d8c8b23ac8ec0a4d03fdacd9618a ld.so.cache
10 78bd3f605d53111aeb0ff3dd44b2eba8586e8626 ima 52ac5da573595ac0804f9e54ba4bf8c446c6b803 libnash.so.6.0.71
10 971df3483b50e89ee2685c4c2ff178923bf0e7f5 ima 530973299e3888233d00cf9a82ac614e3d08a107 libbdevid.so.6.0.71
10 c3ec0e0379aece05e819c0caa10cf0d55da7e99e ima 275a2b138888ec42ae880ecbb4b17a16f4fff363 libdevmapper.so.1.02
10 10df829c1c4c59520299da8898b3c73608978cd3 ima b0a889ac403277a070699748bcd795ea39891fb6 libparted-1.8.so.8.0.0
10 b82d233e5a098e8e4948aabf3595c18a3541d40a ima 303510d38e827a6e2cb8fa43fbf10792ccf7ffc2 libblkid.so.1.0
10 4e46623f457d47cae48fd2cb839a5bf057e22842 ima 3b99b61fa8fe50be2b2556b3e45ec877276f29ad libselinux.so.1

My ascii_runtime_measurements "without TPM" and trusted grub:

root@shaz-desktop:/sys/kernel/security/ima# cat ascii_runtime_measurements
10 0000000000000000000000000000000000000000 ima 0000000000000000000000000000000000000000 boot_aggregate
10 8a11aa2017bfdf52ae1ab8cfb277fc651bc7d611 ima e6d56d44e22b8f6b783c039d45703e8fd28cb796 /init
10 a078e19e5ea2bf75ed353fc6613f7132863618d5 ima 3d90e18f67f1c580c1212126a3c22cf07c7288dd /init
10 089c6ce6198fee74262cf4244ffdea98a2392ded ima 3d90e18f67f1c580c1212126a3c22cf07c7288dd /bin/busybox
10 c69571a6b6185b474fa7437cb2b31253721824d4 ima 7e9431ee7bcbe0c4ea0054baf84672fdff7d6391 arch.conf
10 3d0d130a199ea78a53fc52f4913d28f5d0da8910 ima 0ec1deb5c2338808cf9dd31a0b16473d273fb570 initramfs.conf
10 71fc6cf0e268c0ffad291eaa1ce49ab14b6e39de ima a1550fe2ce2f915eac8786d1d693141072feea87 functions
10 a14f597eb53f1a12725c9f772229f59c0de61110 ima ad273a22d013fab039459654369b40e47a6e04ac /sbin/depmod
10 30b51606815deb8bb6c9d1a17db33eb8e5ce1465 ima b9269024f4129804673f366b5a67061f54d7be3f ld-linux.so.2
10 e978baf0c895be2b32a803e200b15b9c4a5d3464 ima 803088880d0abdda917385e88a9ac1ed61ce0f71 libc.so.6
10 470ccc4179c13da27c13e4bcf9bb1367b63b012f ima 9e53db1ab4d05f104b35a42221625a093c16c611 lockd.ko
10 f0405e7911c81ca501a1b811f674a613e3b4383c ima f0304e84a02bc10731ed1073523de0eea2e225e3 nfs_acl.ko
10 81266f0acf890d0f958da808d49213623b7ee155 ima 66a73677f13c8c0c8c76188c840972cd9dd1a6cd nls_cp437.ko
10 7a539d4fa73ed128db796cd3e79f4226d2c36593 ima ef12d9b3d9b8a4e79505168e9873e1c94d500933 nls_iso8859-1.ko
10 51b1cb6c671368385ae52d74f656e84ff975cd3c ima 6767b00f5aa5a1803ebe5c707ac192b8d87380c3 configfs.ko
10 3008c3239e9e6dfc4e1b3336ef418a932a093633 ima 7e64c2ce2d5f34d6cc542e282879378f1529f0a1 /sbin/modprobe
10 f5e2aba9248a17633fc341c199a9eb86a3ca1693 ima 709bd18ab94b438ab5a574c30bcd6ea5d7e148e3 alsa-base.conf
10 eaeba19e41595a15ff66099c5b8fcfbaa6af9314 ima cd74d302e42741adff5d34a3f68e829ae5c25af1 blacklist-ath_pci.conf
10 e6f518d4099550322a8f15eb78c96527db01c8cf ima da2ce35e655ad5e5d5cf1cab4c543f2e1faccc86 blacklist-firewire.conf


 

1st field - the IMA PCR register
2nd field - SHA1 hash of the IMA template
           (SHA1 file data hash, file name hint)
3rd field - template name
4th field - SHA1 hash of the file data

Mimi






--
Shaz
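
The field layout Mimi lists above can be checked mechanically. The following is an added example, not code from the thread, LTP or the IMA project: it parses ascii_runtime_measurements lines, reports entries whose file data hash is all zeros (as on the boot_aggregate line posted without a TPM), and replays the list into a PCR value. The extend rule (new = SHA1(old || template hash)) and the 0xFF substitution for all-zero template hashes are assumptions about kernel behaviour that the thread does not state; the function names are hypothetical.

```python
import hashlib

ZERO = "0" * 40  # all-zero SHA1, as on the boot_aggregate line posted without a TPM

# First three lines of the no-TPM measurement list quoted in the thread.
SAMPLE = """\
10 0000000000000000000000000000000000000000 ima 0000000000000000000000000000000000000000 boot_aggregate
10 8a11aa2017bfdf52ae1ab8cfb277fc651bc7d611 ima e6d56d44e22b8f6b783c039d45703e8fd28cb796 /init
10 a078e19e5ea2bf75ed353fc6613f7132863618d5 ima 3d90e18f67f1c580c1212126a3c22cf07c7288dd /init
"""

def parse_measurements(text):
    """Split each line into PCR, template hash, template name, file hash, file name hint."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 4)  # the file name hint may itself contain spaces
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 columns, got {len(parts)}")
        pcr, template_hash, template, file_hash, name = parts
        for digest in (template_hash, file_hash):
            if len(digest) != 40:
                raise ValueError(f"line {lineno}: {digest!r} is not a SHA1 digest")
            bytes.fromhex(digest)  # raises ValueError on non-hex characters
        entries.append({"pcr": int(pcr), "template_hash": template_hash,
                        "template": template, "file_hash": file_hash, "name": name})
    return entries

def zeroed_entries(entries):
    """Names whose file data hash is all zeros (e.g. boot_aggregate with no TPM)."""
    return [e["name"] for e in entries if e["file_hash"] == ZERO]

def replay_pcr(entries, pcr=10):
    """Recompute the PCR value the list implies: new = SHA1(old || template hash).
    Assumption: an all-zero template hash is extended as twenty 0xFF bytes."""
    value = bytes(20)
    for e in entries:
        if e["pcr"] != pcr:
            continue
        digest = bytes.fromhex(e["template_hash"])
        if digest == bytes(20):
            digest = b"\xff" * 20
        value = hashlib.sha1(value + digest).digest()
    return value

if __name__ == "__main__":
    parsed = parse_measurements(SAMPLE)
    print("zeroed:", zeroed_entries(parsed))
    print("replayed PCR-10:", replay_pcr(parsed).hex())
```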