integrity: audit

2009-02-06 Thread Mimi Zohar
This patch adds support to auditd for integrity messages, which are issued as a result of the integrity patchset that was applied to the security-testing-2.6/#next tree. Signed-off-by: Mimi Zohar zo...@us.ibm.com Index: audit-1.7.11/src/ausearch-parse.c

Re: integrity: audit

2009-02-06 Thread Steve Grubb
On Friday 06 February 2009 11:15:14 am Mimi Zohar wrote: The integrity auditing discussions took place a while ago in August 2007 (http://osdir.com/ml/linux.redhat.security.audit/2007-09/msg7.html). Thanks for the refresh. It's been so long, I forgot about this. :) Re-reading the thread,

[PATCH 7/8] Integrity: IMA update maintainers

2009-02-06 Thread Mimi Zohar
Signed-off-by: Mimi Zohar zo...@us.ibm.com Signed-off-by: James Morris jmor...@namei.org --- diff --git a/MAINTAINERS b/MAINTAINERS index 6bd7d47..12fc280 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2175,6 +2175,11 @@ M: stef...@s5r6.in-berlin.de L:

[PATCH 6/8] Integrity: IMA file free imbalance

2009-02-06 Thread Mimi Zohar
The number of calls to ima_path_check()/ima_file_free() should be balanced. An extra call to fput() indicates the file could have been accessed without first being measured. Although f_count is incremented/decremented in places other than fget/fput, like fget_light/fput_light and get_file, the

[PATCH 5/8] integrity: IMA policy open

2009-02-06 Thread Mimi Zohar
Sequentialize access to the policy file - permit multiple attempts to replace default policy with a valid policy Signed-off-by: Mimi Zohar zo...@us.ibm.com Acked-by: Serge Hallyn se...@us.ibm.com Signed-off-by: James Morris jmor...@namei.org --- diff --git a/security/integrity/ima/ima_fs.c

[PATCH 1/8] integrity: IMA hooks

2009-02-06 Thread Mimi Zohar
This patch replaces the generic integrity hooks, for which IMA registered itself, with IMA integrity hooks in the appropriate places directly in the fs directory. Signed-off-by: Mimi Zohar zo...@us.ibm.com Acked-by: Serge Hallyn se...@us.ibm.com Signed-off-by: James Morris jmor...@namei.org ---

[PATCH 2/8] integrity: IMA as an integrity service provider

2009-02-06 Thread Mimi Zohar
IMA provides hardware (TPM) based measurement and attestation for file measurements. As the Trusted Computing (TPM) model requires, IMA measures all files before they are accessed in any way (on the integrity_bprm_check, integrity_path_check and integrity_file_mmap hooks), and commits the

[PATCH 4/8] integrity: IMA policy

2009-02-06 Thread Mimi Zohar
Support for a user loadable policy through securityfs with support for LSM specific policy data. - free invalid rule in ima_parse_add_rule() Signed-off-by: Mimi Zohar zo...@us.ibm.com Acked-by: Serge Hallyn se...@us.ibm.com Signed-off-by: James Morris jmor...@namei.org --- diff --git

[PATCH 3/8] integrity: IMA display

2009-02-06 Thread Mimi Zohar
Make the measurement lists available through securityfs. - removed test for NULL return code from securityfs_create_file/dir Signed-off-by: Mimi Zohar zo...@us.ibm.com Acked-by: Serge Hallyn se...@us.ibm.com Signed-off-by: James Morris jmor...@namei.org --- diff --git

[PATCH 0/8] integrity

2009-02-06 Thread Mimi Zohar
The integrity patches are in security-testing-2.6/#next and the auditd patch I just posted to linux-audit. How do you suggest we go forward? We need to go over the event format and make sure it's got everything we need in it. We also need to review the code that touches the audit system

Re: [PATCH 2/8] integrity: IMA as an integrity service provider

2009-02-06 Thread Steve Grubb
Hi, Thanks for sending the audit piece to the mail list so we could go over the details without bothering the whole lkml. I have some comments in line below. On Friday 06 February 2009 02:52:07 pm Mimi Zohar wrote: diff --git a/Documentation/kernel-parameters.txt