From: Mimi Z. <zo...@li...> - 2011-08-04 22:38:28
|
On Thu, 2011-08-04 at 10:55 -0700, David Li wrote: > Hi Mimi, > > > My HS22 is running RHEL6: > > > -bash-4.1# uname -r > 2.6.32-131.6.1.el6.cs.x86_64 > > > The machine is PXEBooted: > > > -bash-4.1# cat /proc/cmdline > initrd=initramfs-2.6.32-131.6.1.el6.cs.x86_64.img mem=8G root=<xyz> rw > BOOT_IMAGE=vmlinuz-2.6.32-131.6.1.el6.cs.x86_64 IMA is enabled in RHEL6 by default, but to collect measurements requires replacing the null policy with the TCB one, by specifying the 'ima_tcb' boot command line parameter. In addition, you might need to specify the 'ima=on' parameter as well. Instead of downloading the individual IMA test programs and the LTP 'glue' (eg. include files, definitions and stub functions) separately, the new ltp-ima-standalone tar file includes the IMA tests. (http://downloads.sf.net/project/linux-ima/linux-ima/ltp-ima-standalone.tar.gz) (The IMA LTP test programs require the openssl and openssl-devel packages.) thanks, Mimi |