Hi
My system:
Gentoo Hardened - grsec & pax:
/Linux version 3.9.4-grie5 (root@localhost) (gcc version 4.6.3 (Gentoo
Hardened 4.6.3 p1.5, pie-0.5.2) ) #6 SMP PREEMPT Fri Jun 7 19:05:38 CEST
2013/
I have a few questions about Integrity check using IMA / EVM, as
described in this article:
http://www.gentoo.org/proj/en/hardened/integrity/
How to automatically sign installed by Portage packages for the IMA and EVM?
Is it possible to run the added convenience Portage, acting similarly to
currently applying SELinux tags?
Is there a tool similar to rlpkg package policycoreutils to sign files
for EVM / IMA?
Is it possible to use EVM is installed in accordance with this guide:
http://www.gentoo.org/proj/en/hardened/integrity/docs/evm-guide.xml
without SELinux?
As in this case (without SELinux) to the EVM/IMA policy integrity check
that did not include such locations as
//////usr///// share//
/// var///// log//
// /// tmp//
///////var//
// ///////usr /////portage//
// /// media
//////Where /
// var, /tmp and / usr is on rootfs?
/Cheers
;)
My system:
Gentoo Hardened - grsec & pax:
/Linux version 3.9.4-grie5 (root@localhost) (gcc version 4.6.3 (Gentoo
Hardened 4.6.3 p1.5, pie-0.5.2) ) #6 SMP PREEMPT Fri Jun 7 19:05:38 CEST
2013/
I have a few questions about Integrity check using IMA / EVM, as
described in this article:
http://www.gentoo.org/proj/en/hardened/integrity/
How to automatically sign installed by Portage packages for the IMA and EVM?
Is it possible to run the added convenience Portage, acting similarly to
currently applying SELinux tags?
Is there a tool similar to rlpkg package policycoreutils to sign files
for EVM / IMA?
Is it possible to use EVM is installed in accordance with this guide:
http://www.gentoo.org/proj/en/hardened/integrity/docs/evm-guide.xml
without SELinux?
As in this case (without SELinux) to the EVM/IMA policy integrity check
that did not include such locations as
//////usr///// share//
/// var///// log//
// /// tmp//
///////var//
// ///////usr /////portage//
// /// media
//////Where /
// var, /tmp and / usr is on rootfs?
/Cheers
;)