Menu
▾
▴
Re: [Linux-ima-user] syslog and ima measurements
|
From: Peter M. <pm...@go...> - 2012-02-13 00:52:38
|
On Sun, Feb 12, 2012 at 4:42 PM, Mimi Zohar <zo...@li...> wrote: > On Sun, 2012-02-12 at 10:40 -0800, Peter Moody wrote: >> On Sat, Feb 11, 2012 at 4:05 PM, Mimi Zohar <zo...@li...> wrote: >> > On Fri, 2012-02-10 at 10:02 -0800, Peter Moody wrote: >> >> I'm probably missing something obvious, but I'm interested in getting >> >> the contents of /sys/kernel/security/ima/ascii_runtime_measurements >> >> into syslog. Is there an easy way to do this or do I have to write >> >> something to do it manually? >> > >> > The measurements are currently only added to the measurement list. With >> > IMA-appraisal, invalid measurements are audited. >> >> Is auditing the measurements something that you would consider >> worthwhile or if I want to do this should I find some syslog-y way of >> tailing the measurements file and sending them to syslog myself? > > The IMA measurement list is meant for remote attestation and would be > included in the TPM quote. Could you please explain why you'd want > these measurements written to syslog? I'd like to see the measurements on my central log-catcher(s). > IMA-appraisal verifies and enforces local file integrity. I don't see a > problem with IMA-appraisal auditing both valid and invalid measurements. > > thanks, > > Mimi > -- Peter Moody Google 1.650.253.7306 Security Engineer pgp:0xC3410038 |
