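IMA Digest Lists (the IMA digest lists extension) is an enhancement of the kernel's native integrity protection mechanism; it replaces the native IMA mechanism in protecting file integrity. A "digest list" is a binary data file in a special format that corresponds one-to-one with an rpm package and records the hash values of the protected files in that package (that is, executable files and dynamic library files). Once the boot parameters are configured correctly, the kernel will maintain a hash...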
The IMA Digest Lists extension can also be used to grant access to files when appraisal is enabled. There are two possible usages. Access can be granted if the digest of the file content is found in a digest list: this is less secure, as metadata are not taken into account. Access can be ...
The IMA Digest Lists extension stores reference values of OS software in kernel memory, and adds a new entry to the measurement list only if calculated file digests are not found among those values. This new type of IMA measurement list, which only contains digest lists and unknown files ...
Running transaction
  Preparing        : 1/1
  Installing       : procps-ng-3.3.16-12.oe1.aarch64 1/1
  Running scriptlet: procps-ng-3.3.16-12.oe1.aarch64 1/1
error: digest_list: could not apply security.ima on '/etc/ima/digest_lists/0-metadata_list-rpm-procps-ng-3.3.16-12.oe1.aarch64': Operation no...
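Note the first log entry: boot_aggregate is the aggregate value of the TPM PCRs from the system boot phase. It is a digest computed over the values of the TPM device's corresponding PCR bank, and the digest algorithm used is determined by the TPM device version and the PCR banks it supports. The default is SHA1, although it can also be configured to prefer SM3 by default. The example has no TPM device, so the value here is 0. Next, we build...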
int ima_calc_hash(struct file *file, char *digest);
int ima_calc_template_hash(int template_len, void *template, char *digest);
int ima_calc_boot_aggregate(char *digest);
void ima_add_violation(struct inode *inode, const unsigned char *filename, const char *op, const char *cause);...
perl-Digest-SHA \ perl-File-Compare \ perl-File-Copy \ perl-FindBin \ perl-IPC-Cmd \ procps \ shadow-utils \ tar \ @@ -33,20 +42,37 @@ RUN set -eux; \ wget -q ${tini_url}.asc -O tini.asc; \ echo "${tini_sha}" /usr/bin/tini | sha256sum -c --strict --quiet; ...
Support for CGI, SSI, HTTP digest (MD5) authorization, WebSocket, WebDAV. HTTPS (SSL/TLS) support using OpenSSL. Optional support for authentication using client side X.509 certificates. Resumed download, URL rewrite, file blacklist, IP-based ACL. May run as Windows service. Download speed lim...