From: Olga C. <ol...@gm...> - 2014-02-21 15:12:53
Hello everyone. I apologize in advance for a newbie question.

I have a RHEL 6 machine, and I am currently looking to replace tripwire with IMA, so I have some questions. My goal is to have local integrity verification (and notification of failure to verify) for a certain number of files; anything that is part of the default IMA policy is OK too. I am not interested in remote attestation.

I've been reading the Linux-IMA wiki, and it looks like I would need to have IMA, IMA-Appraisal, and IMA-EVM enabled to achieve this. The last two will require me to recompile the kernel. Does this sound right to everyone? Am I enabling the right things?

I would really appreciate any feedback/suggestions.

Thanks,
Olga