Menu
▾
▴
Re: [Linux-ima-user] syslog and ima measurements
|
From: Mimi Z. <zo...@li...> - 2012-02-13 00:45:40
|
On Sun, 2012-02-12 at 10:40 -0800, Peter Moody wrote: > On Sat, Feb 11, 2012 at 4:05 PM, Mimi Zohar <zo...@li...> wrote: > > On Fri, 2012-02-10 at 10:02 -0800, Peter Moody wrote: > >> I'm probably missing something obvious, but I'm interested in getting > >> the contents of /sys/kernel/security/ima/ascii_runtime_measurements > >> into syslog. Is there an easy way to do this or do I have to write > >> something to do it manually? > > > > The measurements are currently only added to the measurement list. With > > IMA-appraisal, invalid measurements are audited. > > Is auditing the measurements something that you would consider > worthwhile or if I want to do this should I find some syslog-y way of > tailing the measurements file and sending them to syslog myself? The IMA measurement list is meant for remote attestation and would be included in the TPM quote. Could you please explain why you'd want these measurements written to syslog? IMA-appraisal verifies and enforces local file integrity. I don't see a problem with IMA-appraisal auditing both valid and invalid measurements. thanks, Mimi |
