Menu
▾
▴
Re: [Linux-ima-user] ima_collect_measurement() changes
|
From: Peter M. <pm...@go...> - 2013-02-25 16:31:43
|
On Mon, Feb 25, 2013 at 8:15 AM, Mimi Zohar <zo...@li...> wrote: > On Mon, 2013-02-25 at 07:43 -0800, Peter Moody wrote: >> No issues from me. Do you have any pointers on how something like this >> would be configured? > > I don't think it would be a configuration issue so much. Without > IMA-appraisal enabled, collection would remain the same as it today, > using a single system defined hash algorithm. For those systems with > IMA-appraisal enabled, the file hash/signature in 'security.ima' would > contain the hash algorithm. Prior to collecting, or as part of > collecting, we would need to pre-read the extended attribute to know > which hash algorithm to use. Hey Mimi, thanks for the explanation. We're not using appraisal at the moment so this change wouldn't affect us. Cheers, peter -- [ Peter Moody | Security Engineer | Google ] |
