From: Michael C. <m.c...@gm...> - 2012-02-16 06:02:35
Hi All,

I was wondering if it would be possible to do the following with IMA and EVM:

1. Check the EVM side of things for _every_ file opened/executed, excluding a few file paths. I primarily want to have signatures on all executables and configuration files, but not live data.

2. Force that IMA/EVM attributes do not change under normal conditions. The machine would need to be rebooted and have the kernel options changed to support attribute overwriting.

3. _Not_ extend the TPM PCR. I'm not trying to use IMA for remote attestation, but rather for ensuring the code and configuration on my machines haven't been tampered with.

Now I did read the wiki before posting to the list. I did find information regarding the ima_appraise option, but all it says is what the possible values are, not what they actually mean. I think someone should make that explicit in the wiki. The evm option doesn't have any mention of allowed values, nor a table stating what it all means.

So, could someone please update these in the wiki, and is it possible to achieve my objectives from above (the last one isn't a must)?

Regards,
Michael Cassaniti
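An added example, not part of the thread above and not the IMA project's own sample: one way to write points 1 and 3 as a custom IMA policy. Rule syntax follows Documentation/ABI/testing/ima_policy (appraise / dont_appraise with func=, mask=, fowner=, fsmagic=), and the fsmagic values are the pseudo-filesystem magics the built-in ima_appraise_tcb policy excludes. Two caveats the practitioner should know: IMA policy does not match on file paths, so "excluding a few file paths" has to be expressed by filesystem (fsmagic), owner (fowner/uid) or, with an LSM, by label; and PCR 10 is only extended by "measure" rules, so a policy with appraise rules alone leaves the PCR untouched. Point 2 is a kernel command-line matter (ima_appraise= and evm=) rather than a policy rule, so it is not in this block.

```shell
#!/bin/sh
# Added example: an IMA policy that appraises executables and root-owned
# files opened for reading, excludes pseudo/volatile filesystems, and
# contains no "measure" rules (so PCR 10 is never extended).
# Rule syntax per Documentation/ABI/testing/ima_policy; first match wins,
# so the dont_appraise exclusions come first.

ima_policy() {
    cat <<'EOF'
# Pseudo/volatile filesystems carry no persistent xattrs: nothing to appraise.
dont_appraise fsmagic=0x9fa0
dont_appraise fsmagic=0x62656572
dont_appraise fsmagic=0x64626720
dont_appraise fsmagic=0x01021994
dont_appraise fsmagic=0x858458f6
dont_appraise fsmagic=0x73636673
dont_appraise fsmagic=0x1cd1
# Every executed or exec-mmap'd file must carry a valid signature in security.ima.
appraise func=BPRM_CHECK appraise_type=imasig
appraise func=MMAP_CHECK appraise_type=imasig
# Root-owned files opened for reading (configuration) must appraise.
appraise func=FILE_CHECK mask=MAY_READ fowner=0
# Deliberately no "measure" rules: no measurement list entries, no PCR extend.
EOF
}

# Number of rules in the policy above (comment lines are not rules).
ima_policy_rule_count() {
    ima_policy | grep -c -E '^(appraise|dont_appraise) '
}

# Number of rules that would extend the TPM PCR; expected to be zero.
ima_policy_measure_count() {
    ima_policy | grep -c '^measure' || true
}

# Load the policy into the running kernel. Needs root, securityfs mounted,
# and ima_appraise= on the kernel command line (assumption: the policy is
# written in one go, as the IMA documentation shows with cat).
load_ima_policy() {
    grep -q 'ima_appraise=' /proc/cmdline || {
        echo "ima_appraise= is not on the kernel command line" >&2
        return 1
    }
    ima_policy > /sys/kernel/security/ima/policy
}
```

Usage: run `ima_policy` to review the rules, then `load_ima_policy` as root. Appending rules to a live policy that already denies access can lock you out, so test with ima_appraise=log (or fix, to label the filesystem first) before booting with ima_appraise=enforce.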