From: Olga C. <ol...@gm...> - 2014-02-21 19:55:48

Mimi,

Thanks so much for the reply!
If anyone does have a sample policy, both appraisal and measuring, it would be really helpful!

thanks,
Olga

-- per aspera ad astra --

On Fri, Feb 21, 2014 at 2:33 PM, Mimi Zohar <zo...@li...> wrote:

> On Fri, 2014-02-21 at 10:12 -0500, Olga Chen wrote:
> > Hello everyone.
> > I apologize in advance for a newbie question.
> >
> > I have a RHEL 6 machine, and I am currently looking to replace tripwire
> > with IMA, so I have some questions.
> >
> > My goal is to have local integrity verification (and notification of
> > failure to verify) for a certain number of files plus anything that is
> > part of the default IMA policy is OK too.
>
> So, the first thing you'll need to do is define a policy. Both
> measuring and appraising files are policy based. The new wiki
> ima-policy-examples section contains a few basic policies.
>
> [Side note: anyone using IMA/IMA-appraisal, please consider posting the
> policy here for others.]
>
> > I am not interested in remote attestation.
>
> Ok
>
> > I've been reading the Linux-IMA wiki, and it looks like I would need to
> > have IMA, IMA-Appraisal, and IMA-EVM enabled to achieve this. The last
> > two will require me to recompile the kernel.
> >
> > Does this sound right to everyone? Am I enabling the right things?
> > I would really appreciate any feedback/suggestions.
>
> To enforce local file integrity requires enabling just IMA-appraisal
> and, probably, EVM.
>
> Mimi