This list is closed, nobody may subscribe to it.
From: Shaz <sha...@gm...> - 2009-06-29 13:15:09
On Mon, Jun 29, 2009 at 7:13 PM, Shaz <sha...@gm...> wrote:
>
> On Mon, Jun 29, 2009 at 6:03 PM, Mimi Zohar <zo...@li...> wrote:
>
>> On Mon, 2009-06-29 at 11:52 +0600, Shaz wrote:
>> >
>> > On Mon, Jun 29, 2009 at 4:11 AM, Mimi Zohar <zo...@li...> wrote:
>> >
>> > On Sat, 2009-06-27 at 12:45 +0600, waqar afridi wrote:
>> > >
>> > > On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak <su...@li...> wrote:
>> > >
>> > > On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
>> > > > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
>> > > > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
>> > > > > >
>> > > > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak <su...@li...> wrote:
>> > > > > > On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
>> > > > > > > Hi All
>> > > > > > >
>> > > > > > > I have downloaded ltp-full-20090531.tgz and installed it using the
>> > > > > > > commands make autotools, ./configure, make all, make install. but when
>> > > > > > > I try to run a test like
>> > > > > > >
>> > > > > > > # ./ima_tpm.sh
>> > > > > > > ./ima_tpm.sh: 163: source: not found
>> > > > > > > ./ima_tpm.sh: 164: setup: not found
>> > > > > > >
>> > > > > > > I get the error above. What could be the problem, Desperately need
>> > > > > > > help.
>> >
>> > I'm not sure as the lines 163/164 from
>> > http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh?revision=1.1&view=markup
>> >
>> > 163
>> > 164 # Function: main
>> >
>> > From ltp-full-20090531, could you run the tests as: "./runltp -f ima"?
>> >
>> > Some messages similar to what Afridi reported like "source: not found"
>> > and "setup: not found" are still there. I am not snipping anything to
>> > be careful not to miss anything!
>>
>> Please check that 'make install' actually put the scripts in
>> ~/src/ltp-full-20090531/bin.
>
> I don't have bin sub-directory in ltp-full-2009053 directory after make
> install!
> "make install" makes the dir layout like this:
> ~/ltp-full-20090531/testcases/bin in our case.
> Yes the scripts are there.
>
>> Thanks!
>>
>> Mimi
>
> --
> Shaz

--
Shaz

From: Shaz <sha...@gm...> - 2009-06-29 13:13:08
On Mon, Jun 29, 2009 at 6:03 PM, Mimi Zohar <zo...@li...> wrote:

> On Mon, 2009-06-29 at 11:52 +0600, Shaz wrote:
> >
> > On Mon, Jun 29, 2009 at 4:11 AM, Mimi Zohar <zo...@li...> wrote:
> >
> > On Sat, 2009-06-27 at 12:45 +0600, waqar afridi wrote:
> > >
> > > On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak <su...@li...> wrote:
> > >
> > > On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
> > > > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
> > > > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
> > > > > >
> > > > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak <su...@li...> wrote:
> > > > > > On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
> > > > > > > Hi All
> > > > > > >
> > > > > > > I have downloaded ltp-full-20090531.tgz and installed it using the
> > > > > > > commands make autotools, ./configure, make all, make install. but when
> > > > > > > I try to run a test like
> > > > > > >
> > > > > > > # ./ima_tpm.sh
> > > > > > > ./ima_tpm.sh: 163: source: not found
> > > > > > > ./ima_tpm.sh: 164: setup: not found
> > > > > > >
> > > > > > > I get the error above. What could be the problem, Desperately need
> > > > > > > help.
> >
> > I'm not sure as the lines 163/164 from
> > http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh?revision=1.1&view=markup
> >
> > 163
> > 164 # Function: main
> >
> > From ltp-full-20090531, could you run the tests as: "./runltp -f ima"?
> >
> > Some messages similar to what Afridi reported like "source: not found"
> > and "setup: not found" are still there. I am not snipping anything to
> > be careful not to miss anything!
>
> Please check that 'make install' actually put the scripts in
> ~/src/ltp-full-20090531/bin.

I don't have bin sub-directory in ltp-full-2009053 directory after make install!
"make install" makes the dir layout like this: ~/ltp-full-20090531/testcases/bin in our case.

> Thanks!
>
> Mimi

--
Shaz

From: Mimi Z. <zo...@li...> - 2009-06-29 12:03:45
On Mon, 2009-06-29 at 11:52 +0600, Shaz wrote:
>
> On Mon, Jun 29, 2009 at 4:11 AM, Mimi Zohar <zo...@li...> wrote:
>
> On Sat, 2009-06-27 at 12:45 +0600, waqar afridi wrote:
> >
> > On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak <su...@li...> wrote:
> >
> > On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
> > > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
> > > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
> > > > >
> > > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak <su...@li...> wrote:
> > > > > On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
> > > > > > Hi All
> > > > > >
> > > > > > I have downloaded ltp-full-20090531.tgz and installed it using the
> > > > > > commands make autotools, ./configure, make all, make install. but when
> > > > > > I try to run a test like
> > > > > >
> > > > > > # ./ima_tpm.sh
> > > > > > ./ima_tpm.sh: 163: source: not found
> > > > > > ./ima_tpm.sh: 164: setup: not found
> > > > > >
> > > > > > I get the error above. What could be the problem, Desperately need
> > > > > > help.
>
> I'm not sure as the lines 163/164 from
> http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh?revision=1.1&view=markup
>
> 163
> 164 # Function: main
>
> From ltp-full-20090531, could you run the tests as: "./runltp -f ima"?
>
> Some messages similar to what Afridi reported like "source: not found"
> and "setup: not found" are still there. I am not snipping anything to
> be careful not to miss anything!

Please check that 'make install' actually put the scripts in
~/src/ltp-full-20090531/bin.

Thanks!

Mimi

> root@shaz-desktop:~/ltp-full-20090531# ./runltp -f ima
> INFO: creating /home/shaz/ltp-full-20090531/output directory
> INFO: creating /home/shaz/ltp-full-20090531/results directory
> If some fields are empty or look unusual you may have an old version.
From: Shaz <sha...@gm...> - 2009-06-29 05:52:05
On Mon, Jun 29, 2009 at 4:11 AM, Mimi Zohar <zo...@li...> wrote:

> On Sat, 2009-06-27 at 12:45 +0600, waqar afridi wrote:
> >
> > On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak <su...@li...> wrote:
> >
> > On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
> > > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
> > > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
> > > > >
> > > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak <su...@li...> wrote:
> > > > > On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
> > > > > > Hi All
> > > > > >
> > > > > > I have downloaded ltp-full-20090531.tgz and installed it using the
> > > > > > commands make autotools, ./configure, make all, make install. but when
> > > > > > I try to run a test like
> > > > > >
> > > > > > # ./ima_tpm.sh
> > > > > > ./ima_tpm.sh: 163: source: not found
> > > > > > ./ima_tpm.sh: 164: setup: not found
> > > > > >
> > > > > > I get the error above. What could be the problem, Desperately need
> > > > > > help.
>
> I'm not sure as the lines 163/164 from
> http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh?revision=1.1&view=markup
>
> 163
> 164 # Function: main
>
> From ltp-full-20090531, could you run the tests as: "./runltp -f ima"?

Some messages similar to what Afridi reported like "source: not found" and "setup: not found" are still there. I am not snipping anything to be careful not to miss anything!

root@shaz-desktop:~/ltp-full-20090531# ./runltp -f ima
INFO: creating /home/shaz/ltp-full-20090531/output directory
INFO: creating /home/shaz/ltp-full-20090531/results directory
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.

Checking for required user/group ids

'nobody' user id and group found.
'bin' user id and group found.
'daemon' user id and group found.
Users group found.
Sys group found.
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=9.04
DISTRIB_CODENAME=jaunty
DISTRIB_DESCRIPTION="Ubuntu 9.04"
Linux shaz-desktop 2.6.30 #1 SMP Thu Jun 25 16:57:42 PKST 2009 i686 GNU/Linux

Required users/groups exist.
Gnu C gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3
Gnu make 3.81
util-linux rc1)
mount rc1 (with libblkid support)
modutils 3.7-pre9
e2fsprogs 1.41.4
PPP 2.4.5
Linux C Library > libc.2.9
Dynamic linker (ldd) 2.9
Procps 3.2.7
Net-tools 1.60
Kbd 1.14.1
Sh-utils 6.10

remove test cases which require the block device.
You can specify it with option -b
-e LOG File: /home/shaz/ltp-full-20090531/results/LTP_RUN_ON-2009_Jun_29-11h_37m_39s.log
-e FAILED COMMAND File: /home/shaz/ltp-full-20090531/output/LTP_RUN_ON-2009_Jun_29-11h_37m_39s.failed
Running tests.......
<<<test_start>>>
tag=ima01 stime=1246253859
cmdline=" ima_measurements.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
/home/shaz/ltp-full-20090531/testcases/bin/ima_measurements.sh: 170: *source: not found*
/home/shaz/ltp-full-20090531/testcases/bin/ima_measurements.sh: 171: *setup: not found*
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
<<<test_start>>>
tag=ima02 stime=1246253859
cmdline=" ima_policy.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
/home/shaz/ltp-full-20090531/testcases/bin/ima_policy.sh: 158: *source: not found*
/home/shaz/ltp-full-20090531/testcases/bin/ima_policy.sh: 159: *setup: not found*
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
<<<test_start>>>
tag=ima03 stime=1246253859
cmdline=" ima_tpm.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
/home/shaz/ltp-full-20090531/testcases/bin/ima_tpm.sh: 163: *source: not found*
/home/shaz/ltp-full-20090531/testcases/bin/ima_tpm.sh: 164: *setup: not found*
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
<<<test_start>>>
tag=ima04 stime=1246253859
cmdline=" ima_violations.sh"
contacts=""
analysis=exit
initiation_status="ok"
<<<test_output>>>
incrementing stop
/home/shaz/ltp-full-20090531/testcases/bin/ima_violations.sh: 178: *source: not found*
/home/shaz/ltp-full-20090531/testcases/bin/ima_violations.sh: 179: *setup: not found*
<<<execution_status>>>
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=1
<<<test_end>>>
INFO: ltp-pan reported all tests PASS
LTP Version: LTP-20090531

###############################################################"

Done executing testcases."
LTP Version: LTP-20090531

###############################################################"

root@shaz-desktop:~/ltp-full-20090531#

> > > > > Look through:
> > > > > http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README,
> > > > > on instructions to setup before executing those tests.
> > > > >
> > > > > I already have done these steps. but I think the problem will be with
> > > > > mounting partition with iversion support(I have done this too, added
> > > > > iversion to fstab). I am not clear about what's iversion, so that's why
> > > > > I am going to clear my Idea about iversion. but if somebody can help
> > > > > with both the problem and iversion, I will be very thankful.
> > > >
> > > > Mimi,
> > > >
> > > > Can you please help Afridi ?
> > > >
> > > > Regards--
> > > > Subrata
> > >
> > > Sure. I'm in the process of updating the web site
> > > http://linux-ima.sourceforge.net/, but it is a good place to start.
> > > There's also IMA mailing lists
> > > http://sourceforge.net/projects/linux-ima.
> >
> > Thanks. I am going to put this info as well on:
> > http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README
> >
> > Regards--
> > Subrata
> > >
> > > Mimi
> > > > >
> > > > > Regards--
> > > > > Subrata
> > > > > >
> > > > > > --
> > > > > > Waqar Afridi
> > > > > > Research Associate
> > > > > > Member: Security Engineering Research Group (SERG)
> > > > > > IM | Sciences Peshawar
> > > > > >
> > > > > > ------------------------------------------------------------------------------
> > > > > > _______________________________________________
> > > > > > Ltp-list mailing list
> > > > > > Ltp...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/ltp-list
> > > > >
> > > > > --
> > > > > Waqar Afridi
> > > > > Research Associate
> > > > > Member: Security Engineering Research Group (SERG)
> > > > > IM | Sciences Peshawar
> >
> > I forgot to mention that I am using Ubuntu 9.04, and there is no
> > auditd, but in README it was stated that in case if we have auditd
> > then we will have to patch it. Do these things have something to do
> > with it,
>
> Without auditing, the msgs should be in /var/log/messages.
>
> > The line of fstab is
> >
> > # / was on /dev/sda1 during installation
> > UUID=4aff6b42-ccde-4a54-9b58-da77e94e8372 / ext3 relatime,errors=remount-ro,iversion 0 1
> >
> > but I have also tried "mount -n -o remount,rw,iversion /" manually. It
> > did not report any error. so what could be the problem.
>
> Before adding i_version support, let's make sure the IMA measurement list
> exists. You'll need to mount securityfs. Add the following line
> to /etc/fstab:
>
> securityfs /sys/kernel/security securityfs defaults 0 0
>
> As securityfs files can only be read by root, you'll need to view the
> IMA measurement list as root:
>
> su -c 'cat /sys/kernel/security/ima/ascii_runtime_measurements'
>
> The first 10 lines should look something like this:
>
> 10 7971593a7ad22a7cce5b234e4bc5d71b04696af4 ima b5a166c10d153b7cc3e5b4f1eab1f71672b7c524 boot_aggregate
> 10 2c7020ad8cab6b7419e4973171cb704bdbf52f77 ima e09e048c48301268ff38645f4c006137e42951d0 /init
> 10 ef7a0aff83dd46603ebd13d1d789445365adb3b3 ima 0f8b3432535d5eab912ad3ba744507e35e3617c1 /init
> 10 247dba6fc82b346803660382d1973c019243e59f ima 747acb096b906392a62734916e0bb39cef540931 ld-2.9.so
> 10 341de30a46fa55976b26e55e0e19ad22b5712dcb ima 326045fc3d74d8c8b23ac8ec0a4d03fdacd9618a ld.so.cache
> 10 78bd3f605d53111aeb0ff3dd44b2eba8586e8626 ima 52ac5da573595ac0804f9e54ba4bf8c446c6b803 libnash.so.6.0.71
> 10 971df3483b50e89ee2685c4c2ff178923bf0e7f5 ima 530973299e3888233d00cf9a82ac614e3d08a107 libbdevid.so.6.0.71
> 10 c3ec0e0379aece05e819c0caa10cf0d55da7e99e ima 275a2b138888ec42ae880ecbb4b17a16f4fff363 libdevmapper.so.1.02
> 10 10df829c1c4c59520299da8898b3c73608978cd3 ima b0a889ac403277a070699748bcd795ea39891fb6 libparted-1.8.so.8.0.0
> 10 b82d233e5a098e8e4948aabf3595c18a3541d40a ima 303510d38e827a6e2cb8fa43fbf10792ccf7ffc2 libblkid.so.1.0
> 10 4e46623f457d47cae48fd2cb839a5bf057e22842 ima 3b99b61fa8fe50be2b2556b3e45ec877276f29ad libselinux.so.1

My ascii_runtime_measurements "without TPM" and trusted grub:

root@shaz-desktop:/sys/kernel/security/ima# cat ascii_runtime_measurements
10 0000000000000000000000000000000000000000 ima 0000000000000000000000000000000000000000 boot_aggregate
10 8a11aa2017bfdf52ae1ab8cfb277fc651bc7d611 ima e6d56d44e22b8f6b783c039d45703e8fd28cb796 /init
10 a078e19e5ea2bf75ed353fc6613f7132863618d5 ima 3d90e18f67f1c580c1212126a3c22cf07c7288dd /init
10 089c6ce6198fee74262cf4244ffdea98a2392ded ima 3d90e18f67f1c580c1212126a3c22cf07c7288dd /bin/busybox
10 c69571a6b6185b474fa7437cb2b31253721824d4 ima 7e9431ee7bcbe0c4ea0054baf84672fdff7d6391 arch.conf
10 3d0d130a199ea78a53fc52f4913d28f5d0da8910 ima 0ec1deb5c2338808cf9dd31a0b16473d273fb570 initramfs.conf
10 71fc6cf0e268c0ffad291eaa1ce49ab14b6e39de ima a1550fe2ce2f915eac8786d1d693141072feea87 functions
10 a14f597eb53f1a12725c9f772229f59c0de61110 ima ad273a22d013fab039459654369b40e47a6e04ac /sbin/depmod
10 30b51606815deb8bb6c9d1a17db33eb8e5ce1465 ima b9269024f4129804673f366b5a67061f54d7be3f ld-linux.so.2
10 e978baf0c895be2b32a803e200b15b9c4a5d3464 ima 803088880d0abdda917385e88a9ac1ed61ce0f71 libc.so.6
10 470ccc4179c13da27c13e4bcf9bb1367b63b012f ima 9e53db1ab4d05f104b35a42221625a093c16c611 lockd.ko
10 f0405e7911c81ca501a1b811f674a613e3b4383c ima f0304e84a02bc10731ed1073523de0eea2e225e3 nfs_acl.ko
10 81266f0acf890d0f958da808d49213623b7ee155 ima 66a73677f13c8c0c8c76188c840972cd9dd1a6cd nls_cp437.ko
10 7a539d4fa73ed128db796cd3e79f4226d2c36593 ima ef12d9b3d9b8a4e79505168e9873e1c94d500933 nls_iso8859-1.ko
10 51b1cb6c671368385ae52d74f656e84ff975cd3c ima 6767b00f5aa5a1803ebe5c707ac192b8d87380c3 configfs.ko
10 3008c3239e9e6dfc4e1b3336ef418a932a093633 ima 7e64c2ce2d5f34d6cc542e282879378f1529f0a1 /sbin/modprobe
10 f5e2aba9248a17633fc341c199a9eb86a3ca1693 ima 709bd18ab94b438ab5a574c30bcd6ea5d7e148e3 alsa-base.conf
10 eaeba19e41595a15ff66099c5b8fcfbaa6af9314 ima cd74d302e42741adff5d34a3f68e829ae5c25af1 blacklist-ath_pci.conf
10 e6f518d4099550322a8f15eb78c96527db01c8cf ima da2ce35e655ad5e5d5cf1cab4c543f2e1faccc86 blacklist-firewire.conf

> 1st field - the IMA PCR register
> 2nd field - SHA1 hash of the IMA template
>             (SHA1 file data hash, file name hint)
> 3rd field - template name
> 4th field - SHA1 hash of the file data
>
> Mimi
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Linux-ima-user mailing list
> Lin...@li...
> https://lists.sourceforge.net/lists/listinfo/linux-ima-user > -- Shaz |
|
From: Mimi Z. <zo...@li...> - 2009-06-28 22:24:51
|
On Sat, 2009-06-27 at 17:01 +0600, Shaz wrote:
>
>
> On Sat, Jun 27, 2009 at 1:05 PM, Shaz <sha...@gm...> wrote:
> Dear Mimi,
>
> You mentioned on the site about this patch and also emailed me
> earlier to use this patch. Can you please specify the behavior
> of this patch? I am already going through the code but your
> description can help. As far as I have figured out from the
> available docs, it uses LSM attributes so which attributes are
> they? Extended attributes?
>
> As far as I have figured out it is the security contexts and the four
> functions (mentioned in
> linux-2.6/Documentation/ABI/testing/ima_policy) that can be specified
> to be "measure" or "dont_measure". Is there anything else apart from
> this? I will appreciate some explanation or references to the magic
> related to the filesystem points w.r.t ima_policy.
The LSM specific audit rules as described in
Documentation/ABI/testing/ima_policy are:
lsm: [[subj_user=] [subj_role=] [subj_type=]
[obj_user=] [obj_role=] [obj_type=]]
I'm sure there are better ways of viewing SELinux attributes. Here is
one method:
[zohar@dyn9002018117 ltp-full-20090531]$ su -c 'getfattr -m ^security
-d /etc/* | more'
Password:
getfattr: Removing leading '/' from absolute path names
# file: etc/acpi
security.selinux="system_u:object_r:etc_t:s0\000"
# file: etc/adjtime
security.selinux="system_u:object_r:adjtime_t:s0\000"
<snip>
>
>
> If you need any assistance for linux-ima website then do let
> me know because its lacking clarity and amount of
> documentation for rookies like myself.
>
> Thank you.
I realize the web pages need quite a bit of work. I've just taken over
the website and have started working on it. Suggestions are definitely
welcome!
> My team is also troubleshooting some LTP problems. It seems that we
> are having problems due to a change in the distro. I do not like this
> explanation but we have done the mounting with iversion and the
> problem persists. I am giving it a run myself at the moment and will
> update that specific thread if I succeed.
Could you run "ltp-full-20090531/runltp -f ima" and post the results
here?
Thanks!
Mimi
|
|
From: Mimi Z. <zo...@li...> - 2009-06-28 22:11:32
|
On Sat, 2009-06-27 at 12:45 +0600, waqar afridi wrote:
>
> On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak
> <su...@li...> wrote:
>
> On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
> > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
> > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
> > > >
> > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak
> > > > <su...@li...> wrote:
> > > > On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
> > > > > Hi All
> > > > >
> > > > > I have downloaded ltp-full-20090531.tgz and installed it using the
> > > > > commands make autotools, ./configure, make all, make install. but when
> > > > > I try to run a test like
> > > > >
> > > > > # ./ima_tpm.sh
> > > > > ./ima_tpm.sh: 163: source: not found
> > > > > ./ima_tpm.sh: 164: setup: not found
> > > > >
> > > > > I get the error above. What could be the problem, Desperately need
> > > > > help.

I'm not sure as the lines 163/164 from
http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh?revision=1.1&view=markup

163
164 # Function: main

From ltp-full-20090531, could you run the tests as: "./runltp -f ima"?

> > > >
> > > > Look through:
> > > > http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README,
> > > > on instructions to setup before executing those tests.
> > > >
> > > > I already have done these steps. but I think the problem will be with
> > > > mounting partition with iversion support(I have done this too, added
> > > > iversion to fstab). I am not clear about whats iversion, so thats why
> > > > I am going to clear my Idea about iversion. but if some body can help
> > > > with both the problem and iversion, I will be very thankful.
> > >
> > > Mimi,
> > >
> > > Can you please help Afridi ?
> > >
> > > Regards--
> > > Subrata
> >
> > Sure. I'm in the process of updating the web site
> > http://linux-ima.sourceforge.net/, but it is a good place to start.
> > There's also IMA mailing lists
> > http://sourceforge.net/projects/linux-ima.
>
> Thanks. I am going to put this info as well on:
> http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README
>
> Regards--
> Subrata
> >
> > Mimi
> > > >
> > > > Regards--
> > > > Subrata
> > > > >
> > > > > --
> > > > > Waqar Afridi
> > > > > Research Associate
> > > > > Member: Security Engineering Research Group (SERG)
> > > > > IM | Sciences Peshawar
> > > >
> > > > --
> > > > Waqar Afridi
> > > > Research Associate
> > > > Member: Security Engineering Research Group (SERG)
> > > > IM | Sciences Peshawar
>
> I forgot to mention that I am using Ubuntu 9.04, and there is no
> auditd, but in README it was stated that in case if we have auditd
> then we will have to patch it. Does these things have something to do
> with it,

Without auditing, the msgs should be in /var/log/messages.

> The line of fstab is
>
> # / was on /dev/sda1 during installation
> UUID=4aff6b42-ccde-4a54-9b58-da77e94e8372 / ext3 relatime,errors=remount-ro,iversion 0 1
>
> but i have also tried "mount -n -o remount,rw,iversion /" manually. It
> did not report any error. so what could be the problem.

Before adding i_version support, lets make sure the IMA measurement list
exists. You'll need to mount securityfs. Add the following line
to /etc/fstab:

securityfs /sys/kernel/security securityfs defaults 0 0

As securityfs files can only be read by root, you'll need to view the
IMA measurement list as root:

su -c 'cat /sys/kernel/security/ima/ascii_runtime_measurements'

The first 10 lines should look something like this:

10 7971593a7ad22a7cce5b234e4bc5d71b04696af4 ima b5a166c10d153b7cc3e5b4f1eab1f71672b7c524 boot_aggregate
10 2c7020ad8cab6b7419e4973171cb704bdbf52f77 ima e09e048c48301268ff38645f4c006137e42951d0 /init
10 ef7a0aff83dd46603ebd13d1d789445365adb3b3 ima 0f8b3432535d5eab912ad3ba744507e35e3617c1 /init
10 247dba6fc82b346803660382d1973c019243e59f ima 747acb096b906392a62734916e0bb39cef540931 ld-2.9.so
10 341de30a46fa55976b26e55e0e19ad22b5712dcb ima 326045fc3d74d8c8b23ac8ec0a4d03fdacd9618a ld.so.cache
10 78bd3f605d53111aeb0ff3dd44b2eba8586e8626 ima 52ac5da573595ac0804f9e54ba4bf8c446c6b803 libnash.so.6.0.71
10 971df3483b50e89ee2685c4c2ff178923bf0e7f5 ima 530973299e3888233d00cf9a82ac614e3d08a107 libbdevid.so.6.0.71
10 c3ec0e0379aece05e819c0caa10cf0d55da7e99e ima 275a2b138888ec42ae880ecbb4b17a16f4fff363 libdevmapper.so.1.02
10 10df829c1c4c59520299da8898b3c73608978cd3 ima b0a889ac403277a070699748bcd795ea39891fb6 libparted-1.8.so.8.0.0
10 b82d233e5a098e8e4948aabf3595c18a3541d40a ima 303510d38e827a6e2cb8fa43fbf10792ccf7ffc2 libblkid.so.1.0
10 4e46623f457d47cae48fd2cb839a5bf057e22842 ima 3b99b61fa8fe50be2b2556b3e45ec877276f29ad libselinux.so.1

1st field - the IMA PCR register
2nd field - SHA1 hash of the IMA template
(SHA1 file data hash, file name hint)
3rd field - template name
4th field - SHA1 hash of the file data

Mimi
|
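The field layout described in the message above, as a small verifier-side parser (an added example, not part of the original message and not IMA or LTP code). It also flags the all-zero boot_aggregate that this thread associates with TPM bypass mode and replays the list into the PCR value a TPM would hold; the function names are hypothetical, and the 0xff substitution for all-zero template hashes is kernel behaviour assumed here, not something stated in the thread.

```python
import hashlib
import hmac
import re
from typing import List, NamedTuple

SHA1_HEX = re.compile(r"[0-9a-f]{40}")
ZERO_HEX = "0" * 40

# First two lines of each listing posted in this thread.
TPM_SAMPLE = """\
10 7971593a7ad22a7cce5b234e4bc5d71b04696af4 ima b5a166c10d153b7cc3e5b4f1eab1f71672b7c524 boot_aggregate
10 2c7020ad8cab6b7419e4973171cb704bdbf52f77 ima e09e048c48301268ff38645f4c006137e42951d0 /init
"""
BYPASS_SAMPLE = """\
10 0000000000000000000000000000000000000000 ima 0000000000000000000000000000000000000000 boot_aggregate
10 8a11aa2017bfdf52ae1ab8cfb277fc651bc7d611 ima e6d56d44e22b8f6b783c039d45703e8fd28cb796 /init
"""


class Entry(NamedTuple):
    pcr: int            # 1st field: the IMA PCR register
    template_hash: str  # 2nd field: SHA1 hash of the IMA template
    template_name: str  # 3rd field: template name
    filedata_hash: str  # 4th field: SHA1 hash of the file data
    name_hint: str      # trailing field: file name hint


def parse_line(line: str) -> Entry:
    """Parse one measurement line; raise ValueError if it is malformed."""
    # The name hint comes last, so it may contain spaces.
    parts = line.strip().split(None, 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {line!r}")
    pcr, template_hash, template_name, filedata_hash, name_hint = parts
    if not pcr.isdigit() or int(pcr) > 23:  # a TPM 1.2 has PCRs 0..23
        raise ValueError(f"bad PCR index {pcr!r}")
    template_hash, filedata_hash = template_hash.lower(), filedata_hash.lower()
    for label, value in (("template", template_hash), ("file data", filedata_hash)):
        if not SHA1_HEX.fullmatch(value):
            raise ValueError(f"bad {label} SHA1 {value!r}")
    return Entry(int(pcr), template_hash, template_name, filedata_hash, name_hint)


def parse_list(text: str) -> List[Entry]:
    """Parse a whole ascii_runtime_measurements dump, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def tpm_bypass(entries: List[Entry]) -> bool:
    """True when the first entry is a boot_aggregate whose value is all zeros."""
    if not entries:
        return False
    first = entries[0]
    return first.name_hint == "boot_aggregate" and first.filedata_hash == ZERO_HEX


def replay_pcr(entries: List[Entry], pcr: int = 10) -> str:
    """Recompute the PCR by extending every template hash in list order."""
    value = bytes(20)  # a PCR starts as 20 zero bytes
    for entry in entries:
        if entry.pcr != pcr:
            continue
        digest = bytes.fromhex(entry.template_hash)
        if entry.template_hash == ZERO_HEX:
            # Assumption (kernel behaviour, not from the thread): an all-zero
            # template hash is extended into the TPM as 20 bytes of 0xff.
            digest = b"\xff" * 20
        value = hashlib.sha1(value + digest).digest()  # SHA1(old PCR || digest)
    return value.hex()


def matches_quote(entries: List[Entry], quoted_pcr_hex: str, pcr: int = 10) -> bool:
    """Compare the replayed value with a PCR value taken from a TPM quote."""
    return hmac.compare_digest(replay_pcr(entries, pcr), quoted_pcr_hex.strip().lower())


if __name__ == "__main__":
    for label, sample in (("with TPM", TPM_SAMPLE), ("without TPM", BYPASS_SAMPLE)):
        entries = parse_list(sample)
        print(label, "bypass:", tpm_bypass(entries), "replayed PCR-10:", replay_pcr(entries))
```

On a machine in bypass mode there is no TPM value to compare against, so only the parse and the bypass check are meaningful there.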
|
From: Shaz <sha...@gm...> - 2009-06-27 11:01:15
|
On Sat, Jun 27, 2009 at 1:05 PM, Shaz <sha...@gm...> wrote:

> Dear Mimi,
>
> You mentioned on the site about this patch and also emailed me earlier to
> use this patch. Can you please specify the behavior of this patch? I am
> already going through the code but your description can help. As far as I
> have figured out from the available docs, it uses LSM attributes so which
> attributes are they? Extended attributes?

As far as I have figured out it is the security contexts and the four
functions (mentioned in linux-2.6/Documentation/ABI/testing/ima_policy)
that can be specified to be "measure" or "dont_measure". Is there anything
else apart from this? I will appreciate some explanation or references to
the magic related to the filesystem points w.r.t ima_policy.

>
> If you need any assistance for linux-ima website then do let me know
> because its lacking clarity and amount of documentation for rookies like
> myself.
>
> Thank you.

My team is also troubleshooting some LTP problems. It seems that we are
having problems due to a change in the distro. I do not like this
explanation but we have done the mounting with iversion and the problem
persists. I am giving it a run myself at the moment and will update that
specific thread if I succeed.

>
> --
> Shaz
>

--
Shaz
|
|
From: Shaz <sha...@gm...> - 2009-06-27 07:05:08
|
Dear Mimi,

You mentioned on the site about this patch and also emailed me earlier to
use this patch. Can you please specify the behavior of this patch? I am
already going through the code but your description can help. As far as I
have figured out from the available docs, it uses LSM attributes so which
attributes are they? Extended attributes?

If you need any assistance for linux-ima website then do let me know
because its lacking clarity and amount of documentation for rookies like
myself.

Thank you.

--
Shaz
|
|
From: waqar a. <afr...@gm...> - 2009-06-27 06:45:47
|
On Fri, Jun 26, 2009 at 5:32 PM, Subrata Modak <su...@li...> wrote:

> On Thu, 2009-06-25 at 08:04 -0400, Mimi Zohar wrote:
> > On Thu, 2009-06-25 at 16:17 +0530, Subrata Modak wrote:
> > > On Thu, 2009-06-25 at 16:39 +0600, waqar afridi wrote:
> > > >
> > > > On Thu, Jun 25, 2009 at 3:11 PM, Subrata Modak
> > > > <su...@li...> wrote:
> > > > On Thu, 2009-06-25 at 13:00 +0600, waqar afridi wrote:
> > > > > Hi All
> > > > >
> > > > > I have downloaded ltp-full-20090531.tgz and installed it using the
> > > > > commands make autotools, ./configure, make all, make install. but when
> > > > > I try to run a test like
> > > > >
> > > > > # ./ima_tpm.sh
> > > > > ./ima_tpm.sh: 163: source: not found
> > > > > ./ima_tpm.sh: 164: setup: not found
> > > > >
> > > > > I get the error above. What could be the problem, Desperately need
> > > > > help.
> > > >
> > > > Look through:
> > > > http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README,
> > > > on instructions to setup before executing those tests.
> > > >
> > > > I already have done these steps. but I think the problem will be with
> > > > mounting partition with iversion support(I have done this too, added
> > > > iversion to fstab). I am not clear about whats iversion, so thats why
> > > > I am going to clear my Idea about iversion. but if some body can help
> > > > with both the problem and iversion, I will be very thankful.
> > >
> > > Mimi,
> > >
> > > Can you please help Afridi ?
> > >
> > > Regards--
> > > Subrata
> >
> > Sure. I'm in the process of updating the web site
> > http://linux-ima.sourceforge.net/, but it is a good place to start.
> > There's also IMA mailing lists
> > http://sourceforge.net/projects/linux-ima.
>
> Thanks. I am going to put this info as well on:
> http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/integrity/ima/README
>
> Regards--
> Subrata
> >
> > Mimi
> > > >
> > > > Regards--
> > > > Subrata
> > > > >
> > > > > --
> > > > > Waqar Afridi
> > > > > Research Associate
> > > > > Member: Security Engineering Research Group (SERG)
> > > > > IM | Sciences Peshawar
> > > >
> > > > --
> > > > Waqar Afridi
> > > > Research Associate
> > > > Member: Security Engineering Research Group (SERG)
> > > > IM | Sciences Peshawar

I forgot to mention that I am using Ubuntu 9.04, and there is no auditd,
but in README it was stated that in case if we have auditd then we will
have to patch it. Does these things have something to do with it,

The line of fstab is

# / was on /dev/sda1 during installation
UUID=4aff6b42-ccde-4a54-9b58-da77e94e8372 / ext3 relatime,errors=remount-ro,iversion 0 1

but i have also tried "mount -n -o remount,rw,iversion /" manually. It did
not report any error. so what could be the problem.

--
Waqar Afridi
Research Associate
Member: Security Engineering Research Group (SERG)
IM | Sciences Peshawar
|
|
From: Shaz <sha...@gm...> - 2009-06-19 03:14:36
|
On Thu, Jun 18, 2009 at 2:59 AM, Mimi Zohar <zo...@li...> wrote:

> On Sat, 2009-06-13 at 10:51 +0600, Shaz wrote:
> > On Sat, Jun 13, 2009 at 9:36 AM, Shahbaz Khan <sha...@gm...> wrote:
> < snip >
> > > Is securityfs mounted? In addition, you'll want to mount the filesystem
> > > with i_version support.
> >
> > Thanks Mimi. Got IMA working without TPM. I have no idea what this
> > i_version is and how to enable it? Can someone please indicate some
> > information on this?
>
> Please take a look at the updated linux-ima web page
> http://linux-ima.sourceforge.net/. Hopefully this will help get you
> started using the in kernel IMA.

It has a good description, especially pointing to the documentation of
ima_policy in Documentation. :) Thanks.

>
> Mimi
>

--
Shaz
|
|
From: Mimi Z. <zo...@li...> - 2009-06-17 20:59:46
|
On Sat, 2009-06-13 at 10:51 +0600, Shaz wrote:
> On Sat, Jun 13, 2009 at 9:36 AM, Shahbaz Khan <sha...@gm...> wrote:

< snip >

> > Is securityfs mounted? In addition, you'll want to mount the filesystem
> > with i_version support.
>
> Thanks Mimi. Got IMA working without TPM. I have no idea what this
> i_version is and how to enable it? Can someone please indicate some
> information on this?

Please take a look at the updated linux-ima web page
http://linux-ima.sourceforge.net/. Hopefully this will help get you
started using the in kernel IMA.

Mimi
|
|
From: Shaz <sha...@gm...> - 2009-06-13 07:43:35
|
On Sat, Jun 13, 2009 at 10:51 AM, Shaz<sha...@gm...> wrote:
> On Sat, Jun 13, 2009 at 9:36 AM, Shahbaz Khan <sha...@gm...> wrote:
>>
>> On Fri, 2009-06-12 at 20:44 +0600, Shahbaz Khan wrote:
>> > On Fri, Jun 12, 2009 at 8:33 PM, Shahbaz Khan<sha...@gm...> wrote:
>> > > On Fri, Jun 12, 2009 at 11:59 AM, Shahbaz Khan<sha...@gm...> wrote:
>> > >> Hi,
>> > >>
>> > >> I am using Intel Q45 Express chipset with TPM version 1.2 specs of
>> > >> TCG. The kernel version is 2.6.30. Problem is that the TPM drivers
>> > >> cannot provide functionality to the TCG TSS giving error message:
>> > >>
>> > >> "TCSD TDDL ERROR: Could not find a device to open!"
>> > >>
>> > >> The device node in /dev is also not being created which should be
>> > >> "/dev/tpm". If created manually then still it does not work.
>>
>> Someone mentioned that there are problems with the Intel chip, but
>> you're better off searching the tpmdd-devel list. Perhaps this applies:
>> hhttp://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885%40gmail.com&forum_name=tpmdd-devel
>>
>> > > The same is true for the IMA service. I checked the kernel security
>> > > configuration for IMA test mode like in conventional IMA but could not
>> > > find any IMA test mode. Can we somehow run this new integrity module
>> > > without IMA?
>> >
>> > Sorry, i meant without TPM. Can IMA service run without TPM?
>>
>> Thanks for clarifying. Yes, it goes into Bypass mode if it doesn't find
>> a TPM. The first entry containing the boot-aggregate
>> in /sys/kernel/security/ima/ascii_runtime_measurements will be 0.
>>
>> > >
>> > > I get "TPM Device not found: TPM Bypass" and no directories are
>> > > created in /sys/kernel/security for IMA. Similar issues are also being
>> > > faced in 2.6.26-rc8.
>>
>> Is securityfs mounted? In addition, you'll want to mount the filesystem
>> with i_version support.
>
> Thanks Mimi. Got IMA working without TPM. I have no idea what this
> i_version is and how to enable it? Can someone please indicate some
> information on this?
>
>>
>> > >>
>> > >> What should be done?
>> > >>
>> > >> Thanks.
>> > >>
>> > >> --
>> > >> Shaz
>>
>> I've added IMA testcases to LTP.
>
> I am interested in measuring SELinux policies, especially the loadable
> policy modules. I was not able to comprehend LTP scripts clearly.

I am confusing something but got the selinux policy and LPM measurements
as I needed it. So my issues are solved but would appreciate help in my
confusions regarding "i_version" and LTP. Thanks.

>
> /sys/kernel/security/ima/policy vanishes if I try to open it for
> writing into it! This was my comprehension of the LTP script
> load_policy.sh :(
>
> Please some help needed here to understand. Some indication to good
> literature will be appreciated. I am well read on conventional IMA
> (LSM based) and SELinux so what else should be read to understand how
> LIM based IMA works.
>
>>
>> Mimi
>
> Apologies for the messy email. Had to do this for record.
>
> --
> Shaz
>

--
Shaz
|
|
From: Shaz <sha...@gm...> - 2009-06-13 04:51:58
|
On Sat, Jun 13, 2009 at 9:36 AM, Shahbaz Khan <sha...@gm...> wrote:
>
> On Fri, 2009-06-12 at 20:44 +0600, Shahbaz Khan wrote:
> > On Fri, Jun 12, 2009 at 8:33 PM, Shahbaz Khan<sha...@gm...> wrote:
> > > On Fri, Jun 12, 2009 at 11:59 AM, Shahbaz Khan<sha...@gm...> wrote:
> > >> Hi,
> > >>
> > >> I am using Intel Q45 Express chipset with TPM version 1.2 specs of
> > >> TCG. The kernel version is 2.6.30. Problem is that the TPM drivers
> > >> cannot provide functionality to the TCG TSS giving error message:
> > >>
> > >> "TCSD TDDL ERROR: Could not find a device to open!"
> > >>
> > >> The device node in /dev is also not being created which should be
> > >> "/dev/tpm". If created manually then still it does not work.
>
> Someone mentioned that there are problems with the Intel chip, but
> you're better off searching the tpmdd-devel list. Perhaps this applies:
> hhttp://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885%40gmail.com&forum_name=tpmdd-devel
>
> > > The same is true for the IMA service. I checked the kernel security
> > > configuration for IMA test mode like in conventional IMA but could not
> > > find any IMA test mode. Can we somehow run this new integrity module
> > > without IMA?
> >
> > Sorry, i meant without TPM. Can IMA service run without TPM?
>
> Thanks for clarifying. Yes, it goes into Bypass mode if it doesn't find
> a TPM. The first entry containing the boot-aggregate
> in /sys/kernel/security/ima/ascii_runtime_measurements will be 0.
>
> > >
> > > I get "TPM Device not found: TPM Bypass" and no directories are
> > > created in /sys/kernel/security for IMA. Similar issues are also being
> > > faced in 2.6.26-rc8.
>
> Is securityfs mounted? In addition, you'll want to mount the filesystem
> with i_version support.

Thanks Mimi. Got IMA working without TPM. I have no idea what this
i_version is and how to enable it? Can someone please indicate some
information on this?

>
> > >>
> > >> What should be done?
> > >>
> > >> Thanks.
> > >>
> > >> --
> > >> Shaz
>
> I've added IMA testcases to LTP.

I am interested in measuring SELinux policies, especially the loadable
policy modules. I was not able to comprehend LTP scripts clearly.

/sys/kernel/security/ima/policy vanishes if I try to open it for writing
into it! This was my comprehension of the LTP script load_policy.sh :(

Please some help needed here to understand. Some indication to good
literature will be appreciated. I am well read on conventional IMA (LSM
based) and SELinux so what else should be read to understand how LIM based
IMA works.

>
> Mimi

Apologies for the messy email. Had to do this for record.

--
Shaz
|
|
From: Masoom A. <mas...@gm...> - 2009-06-07 02:21:16
|
I have heard that it is possible to run SELinux with the IMA latest
version. Can you please shed some light on this?

Regards,
MM Alam
|
|
From: Reiner S. <sa...@us...> - 2009-03-16 03:23:30
|
Hi Ahmed,

you are right, if a TPM is recognized by IMA, then every measurement is
extended into the TPM as soon as it is created and before control passes to
the newly loaded program (this way it is too late for a malicious program
to clean its traces).

Now, if IMA does not recognize a TPM chip, then this reporting does not
happen. IMA works with hardware TPM as well as with a virtual TPM (e.g., on
Xen inside a Linux guest). If you want to make it work with another
in-kernel TPM device emulator, then this should not be too hard; simply
adjust the reporting of a measurement. If your emulator is in user-space,
then creating a safe way to report the measurement before the measured
program is started might be hard; at least affecting performance
noticeably.

Does this help?
Reiner

Ahmed Ramadan <ahd...@ho...> wrote on 03/15/2009 11:03:21 AM:

> [Linux-ima-user] IMA integration with TPM Emulator
>
> Ahmed Ramadan
>
> to:
>
> IMA
>
> 03/15/2009 11:04 AM
>
> Sorry last mail did not include a subject.
>
> Hello,
>
> I am using a tpm emulator with the Java TSS (jTSS) package, to
> demonstrate a remote attestation scenario.
> Managed to get the IMA patch working, however I get the message NO
> TPM-CHIP found (Bypass Mode) which is understandable why.
>
> My problem is that the "runtime_measurements" aren't reported /
> extended into the emulator.
> How can they be reported in a secure way ? Is there a workaround ?
> Is there any setup guide of IMA with the emulator ?
>
> For my understanding in machines with real TPM these measurement
> would be reported / extended automatically into the TPM ? am i right
> on this assumption ?
>
>
> Regards, Ahmed
|
|
From: Ahmed R. <ahd...@ho...> - 2009-03-15 15:03:24
|
Sorry last mail did not include a subject.

Hello,

I am using a tpm emulator with the Java TSS (jTSS) package, to demonstrate
a remote attestation scenario.
Managed to get the IMA patch working, however I get the message NO TPM-CHIP
found (Bypass Mode) which is understandable why.

My problem is that the "runtime_measurements" aren't reported / extended
into the emulator.
How can they be reported in a secure way ? Is there a workaround ?
Is there any setup guide of IMA with the emulator ?

For my understanding in machines with real TPM these measurement would be
reported / extended automatically into the TPM ? am i right on this
assumption ?

Regards, Ahmed
|
|
From: Ahmed R. <ahm...@gm...> - 2009-03-15 11:48:49
|
Hello,

I am using a tpm emulator with the Java TSS (jTSS) package, to demonstrate
a remote attestation scenario.
Managed to get the IMA patch working, however I get the message NO TPM-CHIP
found (Bypass Mode) which is understandable why.

My problem is that the "runtime_measurements" aren't reported / extended
into the emulator.
How can they be reported in a secure way ? Is there a workaround ?
Is there any setup guide of IMA with the emulator ?

For my understanding in machines with real TPM these measurement would be
reported / extended automatically into the TPM ? am i right on this
assumption ?

Regards, Ahmed
|
|
From: Reiner S. <sa...@us...> - 2009-01-20 02:39:57
|
Hi Lavina,
you are missing the right TPM support as you know. Either you do not have
the right driver or you do not have a TPM chip that satisfies the specs.
Both ways, this is a question for the TPM and is unrelated to IMA; IMA
works with any TPM chip, it only connects to the generic part of the TPM
driver.
Please try the trousers mailing list or the Linux user mailing list since
this is standard Linux TPM support.
Greetings
Reiner
"Lavina Jain" <lav...@gm...> wrote on 01/19/2009 06:52:31 PM:
> [Linux-ima-user] Support for Intel TPM chips in IMA/kernel
>
> Lavina Jain
>
> to:
>
> linux-ima-user
>
> 01/19/2009 06:52 PM
>
> Hi,
>
> I have earlier compiled IMA into linux kernel 2.6.24 (Ubuntu 8.04)
> on a lenovo X61. It had Atmel TPM chip. Compiling TPM into the
> kernel worked fine and I could access TPM through trousers and tpm-
> tools in the compiled kernel.
>
> Now I am working on another machine which is lenovo X200. I
> installed Ubuntu 8.04 on it. Since it has an older kernel (2.6.24),
> I applied the older ima patch that I had used on my previous
> machine. But it did not recognize TPM chip.
> Output of dmesg is as follows:
> IMA (TPM/BYPASS - no TPM chip found)
>
> I am not sure of the manufacturer of TPM. There isn't any entry for
> HID of TPM device in ACPI table. It lists something like this:
> Device (TPM)
> {
> Method (HID, 0, NotSerialized)
> {
> TPHY(0x00)
> If(LEqual(TPMV, 0x01))
> {
> Return (0x0201D824)
> }
> ......
> ......
> Return ("INTC0102")
> }
> .............
> }
>
> I suspect that it is an Intel TPM chip. Does the latest IMA patch
> and kernel (2.6.27 in Ubuntu 8.10) have support for Intel TPM chip?
> Any suggestions for getting things working with an Intel TPM chip
> would be greatly appreciated.
>
> Thanks,
> Lavina
>
> --
> "Unravelling life's mysteries and discovering life's secrets may
> take the courage and determination found only in a self-motivated
pursuit."
> - Peter McWilliams
>
|
|
From: Lavina J. <lav...@gm...> - 2009-01-19 23:52:36
|
Hi,
I have earlier compiled IMA into linux kernel 2.6.24 (Ubuntu 8.04) on a
lenovo X61. It had Atmel TPM chip. Compiling TPM into the kernel worked fine
and I could access TPM through trousers and tpm-tools in the compiled
kernel.
Now I am working on another machine which is lenovo X200. I installed Ubuntu
8.04 on it. Since it has an older kernel (2.6.24), I applied the older ima
patch that I had used on my previous machine. But it did not recognize TPM
chip.
Output of dmesg is as follows:
IMA (TPM/BYPASS - no TPM chip found)
I am not sure of the manufacturer of TPM. There isn't any entry for HID of
TPM device in ACPI table. It lists something like this:
Device (TPM)
{
Method (HID, 0, NotSerialized)
{
TPHY(0x00)
If(LEqual(TPMV, 0x01))
{
Return (0x0201D824)
}
......
......
Return ("INTC0102")
}
.............
}
I suspect that it is an Intel TPM chip. Does the latest IMA patch and kernel
(2.6.27 in Ubuntu 8.10) have support for Intel TPM chip? Any suggestions for
getting things working with an Intel TPM chip would be greatly appreciated.
Thanks,
Lavina
--
"Unravelling life's mysteries and discovering life's secrets may take the
courage and determination found only in a self-motivated pursuit."
- Peter McWilliams
|
|
From: meng <qs...@12...> - 2008-12-29 07:16:10
|
hi all,
i came into the same problem as Khanjee did. when i compile the linux kernel 2.6.27, i can't select the item ima. of course, when running dmesg | grep ima, i see nothing.
please help me. thank you.
meng |
|
From: Reiner S. <sa...@us...> - 2008-12-15 02:52:30
|
meng <qs...@12...> wrote on 12/12/2008 11:42:35 PM:
> [Linux-ima-user] consult with questions on IMA
> meng to: linux-ima-user 12/14/2008 08:53 PM
>
> Dear Sailer,
> I know your email and you from your paper on IMA and the website of
> IBM on IMA. IMA is very interesting and is very similar to TNC, i think.
> Would you be kind to explain some questions on IMA for me?
> 1.you said that "we measure executables only the first time and
> after they changed". my question is how the host system know the
> file has changed. maybe this is what you named "dirty flag". if a
> file has changed in any way, the system really could know the file
> has changed?

yes. the dirty flag in the inode is 'reset' when the file is opened with 'write' permission. we only keep this state until the inode is leaving the file system inode cache.

> 2.you said the remote system can ask for the measurement list and
> the signed aggregate tpm value(pcr). my question is whether an
> application on the host system can ask for the measurement list and
> the signed pcr. if yes, how to do? by tpm_quote and tpm_eventlog or alike?
> anyway thank you.

sure, local applications can read the measurement list from /sys/kernel/security/ima/ascii_runtime_measurements and get a quote from the local TPM. there are libraries that come with TrouSerS (http://sourceforge.net/projects/trousers) that can be used as well.

Greetings
Reiner

> best regards,
> sincerely Meng
|
|
From: meng <qs...@12...> - 2008-12-13 04:42:54
|
Dear Sailer,
I know your email and you from your paper on IMA and the website of IBM on IMA. IMA is very interesting and is very similar to TNC, i think. Would you be kind to explain some questions on IMA for me?
1. you said that "we measure executables only the first time and after they changed". my question is how the host system know the file has changed. maybe this is what you named "dirty flag". if a file has changed in any way, the system really could know the file has changed?
2. you said the remote system can ask for the measurement list and the signed aggregate tpm value(pcr). my question is whether an application on the host system can ask for the measurement list and the signed pcr. if yes, how to do? by tpm_quote and tpm_eventlog or alike?
anyway thank you.
best regards,
sincerely Meng |
|
From: adrian g. <adr...@gm...> - 2008-10-30 07:45:55
|
hi, thank you for your explanation.
i tried the measurereq extension on some applications, and i am thinking of trying to modify IMA to hook on every file open and see how much overhead that would bring. can you please give me some tips on where to modify the patch file to do so?
i looked at the 2.6.26.3 ima patch file, and i guess that ima_measure_module is called to measure modules, and ima_file_mmap for measuring executables. if i want to measure every file, executables and modules would be a subset and it seems that i would have to modify quite a lot of code which i am not confident i will be able to do so correctly.
thanks - adrian
On Fri, Oct 17, 2008 at 9:41 PM, Reiner Sailer <sa...@us...> wrote:
> Hi Adrian,
>
> there are several levels of guarantees we can distinguish: load-time,
> application-start-time, system-start-time
>
> a) if you change the application to measure the file right before it is
> used, IMA offers TOMTOU protection, i.e., the measured file is monitored in
> the kernel and if anybody writes to it before the application closes it,
> then a violation is reported in the measurement list
> --> what you measure is what you read [strongest guarantee IMA offers for
> user space apps = load-time guarantee]
>
> b) if you add a wrapper to the application that simply measures all input
> files before the application starts, then an attacker can change those files
> between the start-up of the application and the time when the application
> consumes those files
> --> what you measure is what is in the file at app startup [app start time
> guarantee], clearly the longer an application runs, the weaker the
> guarantees, especially consider that some daemons offer to send a signal to
> re-read quite important configuration files
>
> c) if you measure important files at system start, then you get protection
> from offline changes that can happen between boots or between TCGGrub/IMA
> protected boots (the TCG extended GRUB offers to do this very early at boot
> time by specifying those files in the grub.conf; alternatively, the kernel
> could simply have a list of those files and measure them once the file
> systems are mounted into the kernel)
> --> what you measure is what the file is at boot time (very weak if the
> system is up very long; still much much better than nothing = current state)
> --> still detects trap-doored daemons that are changed on disk etc. and
> many other things that attack the system in a way that is visible at boot
> time
>
> To your questions:
> Hooking into every file open (not only executables) from within the kernel
> is inducing some more overhead. Right now, overhead is negligible. If you
> hook into every file operation you have two problems:
> a) considerably more overhead
> b) compare for each r/x file-open if the file name is in a list (you need
> fully qualified names here) is adding even more overhead
>
> Other than that, and if the list is very small, you could pay the price of
> measuring at every open. This way you get around changing apps while still
> getting load-time guarantees. Of course you pay with the cost of
> checking/measuring the files even if they are opened by an application that
> does not interpret them (e.g., editor, ...).
>
> Reiner
>
> From: "adrian golding" <adr...@gm...>
> To: lin...@li...
> Date: 10/17/2008 02:39 AM
> Subject: [Linux-ima-user] extending IMA to measure files other than executables
> ------------------------------
>
> hi, in the IMA documentation, there was a section on equipping user space
> application to measure input files. This would mean that apache would have
> to be modified with the supplied code in the documentation file in order to
> measure a certain config file it loads. However, for another application X,
> i would have to do the change to it as well. so i might have to modify code
> in many places.
>
> if i want to modify IMA in a way that before it loads *any* file, it will
> check :
> a) if it's something IMA now already measures
> b) if that file is in a "to-be-measured" list (probably stored in the
> harddrive - that list itself should also measured),
>
> if either (a) or (b) is satisfied, the file will be measured.
> how feasible is this? How hard is it to implement this modification?
>
> by allowing the user to specify a list of files that he wants to measure
> before they are loaded, what kinds of implications will there be?
>
> thank you - adrian
|
|
From: adrian g. <adr...@gm...> - 2008-10-17 06:39:32
|
hi, in the IMA documentation, there was a section on equipping user space application to measure input files. This would mean that apache would have to be modified with the supplied code in the documentation file in order to measure a certain config file it loads. However, for another application X, i would have to do the change to it as well. so i might have to modify code in many places.

if i want to modify IMA in a way that before it loads *any* file, it will check :
a) if it's something IMA now already measures
b) if that file is in a "to-be-measured" list (probably stored in the harddrive - that list itself should also measured),

if either (a) or (b) is satisfied, the file will be measured.
how feasible is this? How hard is it to implement this modification?

by allowing the user to specify a list of files that he wants to measure before they are loaded, what kinds of implications will there be?

thank you - adrian |
|
From: adrian g. <adr...@gm...> - 2008-10-14 08:10:08
|
please disregard my last message. i realised that the problem is that the
way i obtain the measurement file (using vim) is also being measured, which
i didn't factor in.
sorry - adrian
On Tue, Oct 14, 2008 at 3:58 PM, adrian golding <adr...@gm...> wrote:
> hi, i tried again to verify the measurements, this time in C:
> i followed closely to the pseudo code provided in the ima INSTALL file:
>
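> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <openssl/sha.h>
>
> // stand-in for the helper not shown in the post: 2 hex chars -> int (0 to 255)
> static int convertToInt(const char *hex) { return (int)strtol(hex, NULL, 16); }
>
> int main(void)
> {
>     char fileName[50] = "ascii_runtime_measurements";
>     char event[1024], testText[3] = "", *buf;   // event holds one list line
>     unsigned char PCR[SHA_DIGEST_LENGTH], tempPointer[SHA_DIGEST_LENGTH];
>     SHA_CTX c;
>     int j, intResult;
>     FILE *fd_bin_measurements = fopen(fileName, "r");
>
>     if (fd_bin_measurements == NULL)
>         return 1;
>     memset(PCR, 0, SHA_DIGEST_LENGTH);
>     while (fgets(event, sizeof(event), fd_bin_measurements) != NULL) {
>         if (strlen(event) < 3 + 2 * SHA_DIGEST_LENGTH)
>             continue;       // too short to hold "10 " plus a hex SHA-1
>         buf = event + 3;    // skip to the start of the hash
>
>         for (j = 0; j < SHA_DIGEST_LENGTH; j++) {
>             strncpy(testText, buf + 2*j, 2);
>             intResult = convertToInt(testText);  // between 0 and 255
>             memset(tempPointer + j, intResult, 1);
>         }
>
>         SHA1_Init(&c);
>         SHA1_Update(&c, PCR, SHA_DIGEST_LENGTH);
>         SHA1_Update(&c, tempPointer, SHA_DIGEST_LENGTH);
>         SHA1_Final(PCR, &c);
>     }
>     fclose(fd_bin_measurements);
>     for (j = 0; j < SHA_DIGEST_LENGTH; j++)
>         printf("%02x", PCR[j]);
>     printf("\n");
>     return 0;
> }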
>
> i assume using the ascii file is alright and i checked the convertToInt
> function and it converts correctly.
> i also ran it several times since a new version of my program generates a
> new reading.
>
> thank you- adrian
>
>
> On Wed, Oct 8, 2008 at 10:58 AM, adrian golding <adr...@gm...> wrote:
>
>> i am trying to write a simple python script to verify my measurements list
>> with PCR10 but it doesn't match. Anybody see the mistake?
>> thank you - adrian
>>
>> import binascii
>> import hashlib
>>
>> # copy of the ascii measurement list
>> obtainedFile = open("ascii_runtime_measurements")
>> previousPCRValue = "0000000000000000000000000000000000000000"
>>
>> for line in obtainedFile.readlines():
>>     lineArray = str.split(line)
>>     # using ascii measurements file, lineArray[1] is the hash value
>>
>>     # concatenation
>>     combineHex = previousPCRValue + lineArray[1]
>>     # change to binary
>>     combineBinary = binascii.unhexlify(combineHex)
>>     # hash it
>>     computedHash = hashlib.sha1(combineBinary)
>>     # change it to hex
>>     previousPCRValue = computedHash.hexdigest()
>>
>> print(previousPCRValue)
>>
>>
>>
>
|
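The follow-up above traces the mismatch to the list being read with a tool that was itself measured. The sketch below is an added example, not code from the thread: it replays a list and reports the entry at which the running aggregate equals a given PCR value, plus the entries logged after that point. Assumptions: the line layout `<pcr> <sha1-hex> <name>` described in the posts, a SHA-1 PCR, and a PCR value read before the list was read; the sample entries are constructed.

```python
import hashlib

SHA1_LEN = 20

# Constructed sample list: digests are SHA-1 of made-up strings, not real
# measurements. Assumed layout per line: "<pcr> <sha1-hex> <name>".
SAMPLE = ["10 %s %s" % (hashlib.sha1(n.encode()).hexdigest(), n)
          for n in ("boot_aggregate", "/sbin/init", "/usr/bin/vim")]


def extend(pcr, digest):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay(lines):
    """Yield (line_number, name, running_pcr) for every list entry."""
    pcr = bytes(SHA1_LEN)                      # PCR starts as 20 zero bytes
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or truncated line
        digest = bytes.fromhex(fields[1])
        if len(digest) != SHA1_LEN:
            raise ValueError("line %d: not a SHA-1 digest" % n)
        pcr = extend(pcr, digest)
        yield n, fields[-1], pcr


def match_pcr(lines, pcr_hex):
    """Find the list prefix that reproduces pcr_hex.

    Returns (line_number, later_names): the line at which the running
    aggregate equals the PCR value (None if no prefix matches) and the
    names of entries logged after that point.
    """
    target = bytes.fromhex(pcr_hex)
    matched, later = None, []
    for n, name, pcr in replay(lines):
        if matched is not None:
            later.append(name)
        elif pcr == target:
            matched = n
    return matched, later


if __name__ == "__main__":
    # PCR value as it stood after the first two entries (constructed).
    pcr = bytes(SHA1_LEN)
    for line in SAMPLE[:2]:
        pcr = extend(pcr, bytes.fromhex(line.split()[1]))
    print(match_pcr(SAMPLE, pcr.hex()))
```

A result of `None` means no prefix of the list reproduces the PCR value, for instance because the PCR was read after further entries had been extended, or the list was altered.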