On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote: > On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote: > > > Missing INTEGRITY_RULE > > IMA with an 'audit' rule generates INTEGRITY_RULE messages.
> Missing INTEGRITY_DATA Failure to collect or appraise file data. (Requires the filesystem to be labeled w/security.ima and integrity appraisal enabled.) > Missing INTEGRITY_HASH Not used. > Missing INTEGRITY_METADATA Before updating/removing 'security.evm' the xattr or modifying file metadata included in the HMAC calculation(eg. i_ino, i_uid, i_gid, i_mode, FSUUID, i_generation), EVM verifies the existing value. (Requires the filesystem to be labeled w/security.evm and integrity appraisal enabled.) > Missing INTEGRITY_STATUS Errors related to the IMA policy. Mimi -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit