Re: [Linux-ima-user] SML contains numbers in the filename-hint

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thanks for the prompt reply. I am going for the newer kernel now and will
update on the problem (if persist) soon.

Regards,

--
sohail

On Fri, Apr 8, 2011 at 7:56 PM, Mimi Zohar <zo...@li...> wrote:

> On Fri, 2011-04-08 at 11:27 +0800, Sohail Khan wrote:
> > Hi,
> >
> > The measurement list shows numbers in the filename-hint. Some
> > measurements are given below. Can anyone specify what are these
> > numbers and what should I do if I don't want to measure whatever the
> > numbers represent?
> >
> > I've comment out the BPRM_CHECK & the FILE_CHECK but again getting
> > these numbers. The Kernel version is 2.6.30.
> >
> > ---------------------------------------------------------
> > 10 1508a15636cdbce65789204533e16308d7318b9f ima
> > 10b3c3c4461920e3823e0190168f5a6134c78acc libswt-gnome-gtk-3659.so
> > 10 d8283931375705ce28a09e2e300b033c2de46eae ima
> > 5188431849b4613152fd7bdba6a3ff0a4fd6424b 6450
> > 10 a51b159cce6296eddcc40c5046f513829a87de96 ima
> > 5188431849b4613152fd7bdba6a3ff0a4fd6424b 6468
> > 10 cdc372dce5550ce20dceffd46c809e0b5ac612b5 ima
> > 5188431849b4613152fd7bdba6a3ff0a4fd6424b 6485
> > 10 fdc01dac5eaedf77599667109078e2409bc9670e ima
> > 5188431849b4613152fd7bdba6a3ff0a4fd6424b 6502
> > 10 bf2bb4bb74175a793cda379617371fc8a6b6adca ima
> > ceb7eb4c7d34ebcbaa0837e70bf6b7d5603ecc5a firefox
> > 10 23088bdc778e63ac862c9d218f246941bd84d0e5 ima
> > ad918da9521707e09f2188696e8412e420ad974a libsqlite3.so
> >
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> >
> > Thanks.
>
> Identifying records in the measurement list is a known issue, which will
> be addressed by 'templates'.  Two new templates are being defined,
> ima-ng and ima-nglong, containing additional 'hint' information.  For
> more details on templates, refer to
> http://sourceforge.net/mailarchive/message.php?msg_id=25460938.
>
> Controlling which files to measure, or not, is specified in the IMA
> measurement policy.  Refer to Documentation/ABI/testing/ima_policy of
> the specific kernel. (Changes are backwards compatible, but not forward
> compatible. FILE_CHECK, for example, was previously called PATH_CHECK.)
>
> As IMA was first enabled in 2.6.30 and has gone through numerous changes
> since, how about upgrading to something a bit newer?
>
> thanks,
>
> Mimi
>
>