Menu
▾
▴
Re: [Linux-ima-user] Creating custom IMA policies
|
From: Mark D. B. <md...@ju...> - 2016-11-13 21:50:28
|
Black Rabbit <bla...@gm...> writes: > I tried to create rules to measure specific single files, that can either > be executed (Bash files) or opened (Text files). The IMA Policy does not let you directly manipulate files. > Is it even possible to define specific files that should be measured by > IMA, maybe by defining the entire path like `/home/user/test.txt' or > '/home/user/exec.sh'? Yes, but you typically need to use an LSM label (as with SMACK or SELinux) for the group of files and then measure or appriase the LSM label. See this thread: https://sourceforge.net/p/linux-ima/mailman/message/25990539/ > Are there maybe any tutorials for such rules (I have already looked at > the default policy file structure)? Google should dig up a few slide decks on using SMACK with IMA or SELinux with IMA Good luck, -- Mark |
