Re: [Linux-ima-user] info IMA

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Salvo,

IMA is not an access enforcement technology. It simply keeps a log of what
is loaded into the run-time of a system. As part of running applications,
IMA can also measure configuration files that might be important to
conclude about the integrity of the configuration a running application.
This helps a remote party to reason about the run-time integrity from the
point the system boots and applications start.

The documentation for the IMA patch is included in the patch. After
patching the kernel, the ima documentation can be found in the
Documentation subdirectory of the linux kernel source code.

Some more info on how IMA works can be found:
http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html

For your problem, you might look at applications that focus on the secure
root of storage part of trusted computing, such as EVM/SLIM.
http://lwn.net/Articles/160126/            and related recent 2007 kernel
mailing list postings

Best
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

  From:       "Salvatore Caratozzolo" <s.c...@ca...>                                                                  

  To:         lin...@li...                                                                                       

  Date:       11/06/2007 04:49 AM                                                                                                        

  Subject:    [Linux-ima-user] info IMA                                                                                                  

hi
i downloaded IMA and i'd like to use it to prevent
tampering attacks to my filesystem!it is possible?
example:
if i add etc/passwd to the database (or list) of IMA, if i
try to modify it , IMa must asks me a password or my TPM
owner password to let do it!

if so how does IMA use TPM to control the file?

i want to use it with my Broadcom TPM v1.2 , Kubuntu 7.04,
Feisty Fawn with 2.6.20.16 kernel.

does exist a guide to install the patch?

tnx for your support!
salvo

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Linux-ima-user mailing list
Lin...@li...
https://lists.sourceforge.net/lists/listinfo/linux-ima-user