From: Mimi Z. <zo...@li...> - 2013-12-18 22:11:27
On Wed, 2013-12-18 at 21:18 +0100, hassan khan wrote:
> I am interested in knowing how the integrity of OS and the applications
> running on OS are measured. I am aware of trusted-Grub which measures things
> before OS is loaded.
> Specifically, I wanted to know, is it the case that user decides for which
> applications the user wants its integrity to be measured? In other words,
> can he leave out some applications which he does not want to get measured.
> From Measurement I mean that the hashes of some application is calculated.
> Just digging deeper, what exactly gets measured in applications i.e just
> binaries or executables? and same question goes for the OS, that which
> files are hashed, loosely saying, OS will have several files in it i.e
> libraries, configurations files etc..

Both IMA measurement and appraisal are policy based. If specified on the boot command line, the builtin 'ima_tcb' policy measures all files executed, mmapped, and all files read by root. The builtin 'ima_appraise_tcb' policy verifies the integrity of all files owned by root.

For more information, refer to Documentation/ABI/testing/ima_policy.

thanks,

Mimi
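
The policy behaviour described in the message above, as an added example that is not part of the original thread or the kernel's code: a simplified Python model of rule matching, where the first matching rule decides whether a file access is measured. The rules are written in the Documentation/ABI/testing/ima_policy syntax to mirror what the message says 'ima_tcb' covers; the events, the `uid=1000` exclusion rule and all function names are constructed assumptions, and the exclusion rule goes beyond the message to show how a custom policy can leave accesses out.

```python
# Simplified model of IMA measurement policy matching (illustration only).
# Rules use the Documentation/ABI/testing/ima_policy syntax; all events are constructed.
POLICY = """\
dont_measure fsmagic=0x9fa0       # procfs
dont_measure fsmagic=0x01021994   # tmpfs
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=FILE_CHECK mask=MAY_READ uid=0
"""

def parse_policy(text):
    """Turn each 'action key=value ...' line into (action, {key: value})."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            action, *conds = line.split()
            rules.append((action, dict(c.split("=", 1) for c in conds)))
    return rules

def rule_matches(conds, ev):
    """A rule matches only if every condition it lists holds for the event."""
    for key, want in conds.items():
        if key == "mask":
            if want not in ev["mask"]:
                return False
        elif key in ("uid", "fsmagic"):
            if int(want, 0) != ev[key]:
                return False
        elif ev.get(key) != want:
            return False
    return True

def is_measured(rules, ev):
    """First matching rule decides; an access matching no rule is not measured."""
    for action, conds in rules:
        if rule_matches(conds, ev):
            return action == "measure"
    return False

EXT4 = 0xEF53  # constructed sample events on an ext4 filesystem unless noted
EVENTS = {
    "user execs ls": dict(func="BPRM_CHECK", mask={"MAY_EXEC"}, uid=1000, fsmagic=EXT4),
    "user reads notes": dict(func="FILE_CHECK", mask={"MAY_READ"}, uid=1000, fsmagic=EXT4),
    "root reads passwd": dict(func="FILE_CHECK", mask={"MAY_READ"}, uid=0, fsmagic=EXT4),
    "root reads procfs": dict(func="FILE_CHECK", mask={"MAY_READ"}, uid=0, fsmagic=0x9FA0),
    "lib mmapped exec": dict(func="FILE_MMAP", mask={"MAY_EXEC"}, uid=1000, fsmagic=EXT4),
}

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for name, ev in EVENTS.items():
        print(f"{name:20s} measured={is_measured(rules, ev)}")
```

Prepending a line such as `dont_measure uid=1000` to the policy text makes the model skip that user's accesses, which is the kind of exclusion the question asks about.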