| author | Armin Kuster <akuster808@gmail.com> | 2019-05-25 23:10:33 -0700 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2019-05-26 21:58:11 -0700 |
| commit | 17acb4ec73bce3aef39569b0d9f14f598ef3dd47 (patch) | |
| tree | 95a42a06aca6125919726d9efe1a5ee6dbdcee42 | |
| parent | cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f (diff) | |
| download | meta-security-17acb4ec73bce3aef39569b0d9f14f598ef3dd47.tar.gz | |
policy: add ima appraise all policy
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all | 29 | ||||
| -rw-r--r-- | meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb | 18 |
2 files changed, 47 insertions, 0 deletions
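diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
new file mode 100644
index 0000000..36e71a7
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all
@@ -0,0 +1,29 @@
+#
+# Integrity measure policy (http://sourceforge.net/p/linux-ima/wiki/Home/#measure-nothing-appraise-everything)
+#
+# Do not measure anything, but appraise everything
+#
+# PROC_SUPER_MAGIC
+dont_appraise fsmagic=0x9fa0
+# SYSFS_MAGIC
+dont_appraise fsmagic=0x62656572
+# DEBUGFS_MAGIC
+dont_appraise fsmagic=0x64626720
+# TMPFS_MAGIC
+dont_appraise fsmagic=0x01021994
+# RAMFS_MAGIC
+dont_appraise fsmagic=0x858458f6
+# DEVPTS_SUPER_MAGIC
+dont_appraise fsmagic=0x1cd1
+# BIFMT
+dont_appraise fsmagic=0x42494e4d
+# SECURITYFS_MAGIC
+dont_appraise fsmagic=0x73636673
+# SELINUXFS_MAGIC
+dont_appraise fsmagic=0xf97cff8c
+# NSFS_MAGIC (introduced in 3.19, see cd025f7 and e149ed2 in the upstream Linux kernel)
+dont_appraise fsmagic=0x6e736673
+# EFIVARFS_MAGIC
+dont_appraise fsmagic=0xde5e81e4
+
+appraise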
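Review bot: The `dont_appraise` rules for TMPFS_MAGIC and RAMFS_MAGIC (policy lines 12-15) exempt every file on those filesystems from the catch-all `appraise` on line 29, and the policy does not say what is expected to cover that gap. Anything written to a tmpfs or ramfs mount can then be opened or executed with no integrity check, so the "appraise everything" guarantee holds only if those mounts are `noexec` or otherwise restricted. The image's mount options are not visible from this commit. I would record the assumption next to the rules, for example `# tmpfs/ramfs are exempt from appraisal: mount them noexec, files there are never verified`. Separately, the label `# BIFMT` on line 18 looks like a truncation of `# BINFMTFS_MAGIC`, and the header says "Integrity measure policy" although the file contains only appraisal rules.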
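diff --git a/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
new file mode 100644
index 0000000..b58d3fe
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
@@ -0,0 +1,18 @@
+SUMMARY = "IMA sample simple appraise policy "
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+# This policy file will get installed as /etc/ima/ima-policy.
+# It is located via the normal file search path, so a .bbappend
+# to this recipe can just point towards one of its own files.
+IMA_POLICY ?= "ima_policy_appraise_all"
+
+SRC_URI = " file://${IMA_POLICY}"
+
+do_install () {
+install -d ${D}/${sysconfdir}/ima
+install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
+}
+
+FILES_${PN} = "${sysconfdir}/ima"
+RDEPENDS_${PN} = "ima-evm-utils"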
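Review bot: The `install` call on recipe line 14 passes no `-m`, so the policy lands in the image with install's default mode of 0755, although the source file is tracked as 0644 in the diffstat. A policy file has no reason to be executable, and an explicit mode keeps the packaged permissions independent of tool defaults: `install -m 0644 ${WORKDIR}/${IMA_POLICY} ${D}${sysconfdir}/ima/ima-policy`. The same line and the `install -d` above it build the path as `${D}/${sysconfdir}`, which gives a doubled slash because `sysconfdir` is already absolute, so `${D}${sysconfdir}` is the usual form. The comment above `IMA_POLICY` could also note that a `.bbappend` replacing the policy takes over responsibility for the filesystem exemptions, since the recipe installs whatever file that variable names without any check.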
