[Linux-ima-user] Enforcing signatures with IMA

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi All,
I was wondering if it would be possible to do the following with IMA and 
EVM:

 1. Check the EVM side of things for _every_ file opened/executed,
    excluding a few file paths. I primarily want to have signatures on
    all executables and configuration files, but not live data.
 2. Force that IMA/EVM attributes do not change under normal conditions.
    The machine would need to be rebooted and have the kernel options
    changed to support attribute overwriting.
 3. _Not_ extend the TPM PCR. I'm not trying to use IMA for remote
    attestation, but rather for ensuring the code and configuration on
    my machines haven't been tampered with.

Now I did read the wiki before posting to the list. I did find 
information regarding the ima_appraise option, but all it says is what 
the possible values are, not what they actually mean. I think someone 
should make that explicit in the wiki. The evm option doesn't have any 
mention of allowed values, nor a table stating what it all means.

So, could someone please update these in the wiki, and is it possible to 
achieve my objectives from above (the last one isn't a must)?

Regards,
Michael Cassaniti