From: Marlon C. <mc...@ce...> - 2016-09-06 16:23:00
Thank you, I'll take a look.

On Tue, Sep 6, 2016 at 11:37 AM, Mark D. Baushke <md...@ju...> wrote:

> Marlon Chalegre <mc...@ce...> writes:
>
> > I have some questions about how to configure the IMA and I'm wondering if
> > you could help me understand some things.
> >
> > 1 - Could I configure the IMA to measure/appraise only specific folder
> > and/or file?
>
> Yes, but this will require labeling the file or directory using LSM
> labels (with either SMACK or SE Linux extensions) and then writing an
> IMA Policy that uses the label to control the measure/dont_measure and
> appraise rules.
>
> The LSM system must be enabled before IMA if you are going to use it in
> this manner.
>
> > 2 - Is there any example or documentation about how to use different rules
> > like uid, fowner, uuid, LSM labels, etc to limit which files and folders
> > must be measured?
>
> There is some text on the subject on the linux-ima wiki:
>
> https://sourceforge.net/p/linux-ima/wiki/Home/#defining-an-lsm-specific-policy
>
> which mentions adding LSM specific rules.
>
> > In a previous contact with Zohar, she said to me that the question number
> > one is not implemented. Is this a good improvement to be developed?
>
> I do not know when that was, but it is implemented now. The use of SMACK
> vs SE Linux with IMA is largely going to depend on the security
> considerations for your particular installation.
>
> You do have the flexibility to do what you want now.
>
> -- Mark

-- 
Marlon Chalegre
Software Engineer
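The approach Mark describes (label the directory with the LSM, then key the IMA rules on that label) worked through as an added example; this is not code from the list thread or from the IMA project. The SELinux type ima_data_t and the directory /srv/attested are assumptions: the type must already exist in the loaded SELinux policy or chcon will refuse it. The rule keywords (measure/dont_measure/appraise/dont_appraise/audit, func=, mask=, fsmagic=, obj_type= and the other uid/fowner/LSM conditions) are the ones documented for the IMA policy ABI.

```shell
#!/bin/sh
# Added example: confine IMA measurement and appraisal to one SELinux-labelled
# directory. Assumes SELinux is initialised before IMA, securityfs is mounted at
# /sys/kernel/security, the kernel has CONFIG_IMA_APPRAISE, and you are root.
# ima_data_t and /srv/attested are placeholders, not names from the thread.

POLICY_SYS=/sys/kernel/security/ima/policy
MEASURE_LIST=/sys/kernel/security/ima/ascii_runtime_measurements

# The policy: one rule per line, "<action> <condition>...". A rule matches only
# when every condition on it holds, and the first matching rule wins, so the
# dont_* rules for pseudo filesystems come first (fsmagic values are
# PROC_SUPER_MAGIC, SYSFS_MAGIC, TMPFS_MAGIC). The obj_type= rules then
# limit measure/appraise to files carrying our label; anything else is untouched.
ima_policy_text() {
    cat <<'EOF'
# keep pseudo filesystems out of scope
dont_measure fsmagic=0x9fa0
dont_appraise fsmagic=0x9fa0
dont_measure fsmagic=0x62656572
dont_appraise fsmagic=0x62656572
dont_measure fsmagic=0x01021994
dont_appraise fsmagic=0x01021994
# measure and appraise only files labelled ima_data_t (assumed type)
measure func=FILE_CHECK mask=MAY_READ obj_type=ima_data_t
measure func=MMAP_CHECK mask=MAY_EXEC obj_type=ima_data_t
measure func=BPRM_CHECK obj_type=ima_data_t
appraise func=FILE_CHECK obj_type=ima_data_t
appraise func=BPRM_CHECK obj_type=ima_data_t
EOF
}

# Sanity-check the rules before handing them to the kernel, which answers a
# malformed rule with EINVAL. Only actions and condition keys are checked.
ima_policy_check() {
    ima_policy_text | grep -v '^#' | grep -v '^[[:space:]]*$' |
    while read -r action rest; do
        case "$action" in
            measure|dont_measure|appraise|dont_appraise|audit) ;;
            *) echo "bad rule action: $action $rest" >&2; exit 1 ;;
        esac
        for cond in $rest; do
            case "$cond" in
                func=*|mask=*|fsmagic=*|fsuuid=*|uid=*|euid=*|fowner=*|\
                obj_user=*|obj_role=*|obj_type=*|\
                subj_user=*|subj_role=*|subj_type=*|appraise_type=*) ;;
                *) echo "unknown condition '$cond' in: $action $rest" >&2; exit 1 ;;
            esac
        done
    done
}

# Give the directory tree the label the policy keys on. The type must exist in
# the loaded SELinux policy; for a persistent label add a file context with
# semanage fcontext and run restorecon instead of relying on chcon alone.
ima_label_dir() {
    chcon -R -t ima_data_t "$1"
}

# Load the policy in one write. Depending on kernel configuration the policy
# node accepts a single write and then disappears, so check it first.
ima_load_policy() {
    ima_policy_check || return 1
    ima_policy_text | grep -v '^#' > "$POLICY_SYS"
}

# Show measurement-list entries for files under the given directory.
ima_list_measured() {
    grep -F "$1" "$MEASURE_LIST"
}

case "${1:-}" in
    show)  ima_policy_text ;;
    check) ima_policy_check ;;
    apply) ima_label_dir /srv/attested && ima_load_policy ;;
    list)  ima_list_measured /srv/attested ;;
esac
```

Run it as `sh ima-label-policy.sh apply` and then open a file under /srv/attested; `sh ima-label-policy.sh list` should show an entry for it while files elsewhere stay unmeasured. Before enabling the appraise rules on a live system, every labelled file needs a valid security.ima xattr (hash or signature written with evmctl, or a boot with ima_appraise=fix), otherwise IMA denies access to them.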