Repository of audit events
Mimi Zohar
zohar at linux.vnet.ibm.com
Fri Apr 11 03:36:15 UTC 2014
On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
> On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
>
> > Missing INTEGRITY_RULE
>
> IMA with an 'audit' rule generates INTEGRITY_RULE messages.
> Missing INTEGRITY_DATA
Failure to collect or appraise file data.
(Requires the filesystem to be labeled w/security.ima and integrity
appraisal enabled.)
> Missing INTEGRITY_HASH
Not used.
> Missing INTEGRITY_METADATA
Before updating/removing 'security.evm' the xattr or modifying file
metadata included in the HMAC calculation(eg. i_ino, i_uid, i_gid,
i_mode, FSUUID, i_generation), EVM verifies the existing value.
(Requires the filesystem to be labeled w/security.evm and integrity
appraisal enabled.)
> Missing INTEGRITY_STATUS
Errors related to the IMA policy.
Mimi
More information about the Linux-audit
mailing list