From: Andreas S. <and...@st...> - 2012-09-13 08:35:13
Hi Jason,

yes, from my experience you can set the IMA policy only once and then the policy file disappears. This is probably a security feature preventing malware or a mischievous superuser from intentionally weakening the IMA policy at a later stage. I set the policy at the earliest possible stage using a dracut initramfs.

Best regards

Andreas

On 13.09.2012 10:24, Jason Chow wrote:
> Hi Andreas,
>
> After I rebooted the machine, the 'permission denied' error disappeared.
> However, once I cat a policy into '<security fs>/ima/policy', the
> policy file disappeared, is that a normal situation? And if I want to
> change the policy into another one, what can I do except for rebooting
> the machine.
>
> Thanks and regards,
> Jason
>
> 2012/9/13 Jason Chow <jas...@gm... <mailto:jas...@gm...>>
>
>     Hi Andreas,
>
>     When I use cat to input my policy into '<security fs>/ima/policy'
>     with root account, 'permission denied' error came out to reject the
>     modification.
>     Do you have any idea about this?
>     Thanks for your help.
>
>     Jason
>
>     2012/9/11 Andreas Steffen <and...@st... <mailto:and...@st...>>
>
>         Hi Jason,
>
>         you find information on how to define a custom-defined IMA policy
>         under this link:
>
>         http://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page#Defining_an_LSM_specific_policy
>
>         The custom policy is applied during the early boot process using
>         a dracut initramfs.
>
>         If you want to specify specific files or directories to be measured
>         then you must tag your file system using SE Linux. I tried this
>         approach to measure all Linux kernel modules. Have a look at the
>         custom IMA policy shown in Fig. 6 of my Linux IMA remote
>         attestation paper
>
>         http://www.strongswan.org/lss2012.pdf
>
>         Best regards
>
>         Andreas
>
>         On 10.09.2012 16:17, Jason Chow wrote:
>         > Hi all,
>         >
>         > I'm a newbie in IMA, and I'm very interested in it. Could you help me to
>         > get familiar with it. Thanks a lot.
>         >
>         > As I know, new kernel has already put IMA in mainline. And I have
>         > already enabled it. But I'm confused with how to configure the measurement
>         > list to make it do a measurement for files as I wished. However I cannot
>         > find any documents about how to do this configuration. Any help from you
>         > will be highly appreciated.
>         >
>         > Thanks a lot.
>         >
>         > Jason

======================================================================
Andreas Steffen                                      and...@st...
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
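The procedure discussed in this thread (write a custom policy into the securityfs `ima/policy` file, once per boot, before anything untrusted runs) as an added shell example. It is not code from the thread, from the linux-ima wiki or from the strongSwan project. Assumptions are marked in the comments: the policy text is constructed for the example (the `dont_measure fsmagic=` lines follow the kernel's built-in ima_tcb policy; `modules_object_t` is the usual SELinux type for kernel module files and only works on a labelled file system), the `IMA_POLICY_LOAD` guard and the `/run/ima-policy` path are invented, and the sanity check is a constructed grep, not the kernel's parser. The loader distinguishes the cases seen in the thread: the `ima/policy` file is gone (policy already set this boot, reboot to change it), the `ima` directory is missing (IMA not enabled or securityfs not mounted), and the write being refused. Kernels of the era covered by this thread remove the policy file after a successful load; much later kernels built with CONFIG_IMA_WRITE_POLICY keep it so further rules can be appended.

```shell
#!/bin/sh
# Added example (not from the thread or the linux-ima project): build a
# custom IMA measurement policy and load it through securityfs once.

# Emit a constructed custom policy to the file named in $1.
# The dont_measure/fsmagic lines mirror the kernel's built-in ima_tcb policy
# (pseudo file systems have no persistent content worth measuring); the last
# rule selects kernel modules by SELinux label, which is why the file system
# must be labelled first.  The label name is an assumption for this example.
write_ima_policy_file() {
    cat > "$1" <<'EOF'
# pseudo file systems: proc, sysfs, debugfs, tmpfs, securityfs, ramfs
dont_measure fsmagic=0x9fa0
dont_measure fsmagic=0x62656572
dont_measure fsmagic=0x64626720
dont_measure fsmagic=0x01021994
dont_measure fsmagic=0x73636673
dont_measure fsmagic=0x858458f6
# executables, mmap'd code, and files read by root
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=FILE_CHECK mask=MAY_READ uid=0
# kernel modules, selected by SELinux object type (assumed label)
measure obj_type=modules_object_t
EOF
}

# Strip comments and blank lines so only rules reach the kernel.
ima_policy_rules() {
    grep -v '^#' "$1" | sed '/^[[:space:]]*$/d'
}

# Constructed sanity check, not the kernel parser: every rule must be an
# action followed by key=value pairs.  Worth running before the one-shot
# load, because a rejected rule is harder to diagnose once the policy
# file has disappeared.  Offending lines go to stderr; returns 1 if any.
ima_policy_check() {
    ima_policy_rules "$1" |
        grep -v -E '^(measure|dont_measure)( [A-Za-z_]+=[A-Za-z0-9_x]+)+$' >&2 &&
        return 1
    return 0
}

# Load the policy file $2 through the securityfs mount at $1.
# Return codes: 0 loaded; 1 policy failed the sanity check; 2 the policy
# file is already gone (a policy was set this boot, reboot to change it);
# 3 no ima directory (IMA off or securityfs not mounted); 4 write refused.
ima_load_policy() {
    dir=$1
    policy=$2
    if [ ! -d "$dir/ima" ]; then
        echo "no $dir/ima: IMA disabled or securityfs not mounted" >&2
        return 3
    fi
    if [ ! -e "$dir/ima/policy" ]; then
        echo "$dir/ima/policy is gone: policy already set this boot" >&2
        return 2
    fi
    ima_policy_check "$policy" || { echo "policy rejected, not loading" >&2; return 1; }
    if ! ima_policy_rules "$policy" > "$dir/ima/policy"; then
        echo "write to $dir/ima/policy refused" >&2
        return 4
    fi
    return 0
}

# Stand-alone run, e.g. from a dracut hook early in boot (needs root):
#   IMA_POLICY_LOAD=yes sh ima-policy.sh /sys/kernel/security
# The guard variable and /run/ima-policy are assumptions for this example.
if [ "${IMA_POLICY_LOAD:-}" = yes ]; then
    write_ima_policy_file /run/ima-policy
    ima_load_policy "${1:-/sys/kernel/security}" /run/ima-policy
fi
```

If `ima_load_policy` returns 2 on a freshly booted machine, something earlier in boot (a distribution initramfs, for instance) already loaded a policy; the fix is to move this script in front of it, not to retry. Mount securityfs first if return code 3 shows up: `mount -t securityfs securityfs /sys/kernel/security`.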