Package ima-evm-integrity-check: Information
Source package: ima-evm-integrity-check
Version: 0.7.7-alt1
Build time: Nov 21, 2024, 04:59 PM
Category: System/Base
Report package bugLicense: GPLv2+
Summary: IMA/EVM integrity check
Description:
This package make use of the IMA and EVM technologies from the Linux integrity subsystem. Basically IMA and EVM provide the following functionality: - measurement (hashing) of file content as it is accessed and keeping track of this information in an audit log; - appraisal of files, which allows to prevent access when a measurement (hash) or digital signature does not match the expected value. This package requires kernel with corresponding config options enabled.
List of RPM packages built from this SRPM:
ima-evm-integrity-check (noarch)
make-initrd-integrity (noarch)
ima-evm-integrity-check (noarch)
make-initrd-integrity (noarch)
Maintainer: Paul Wolneykien
Last changed
Nov. 21, 2024 Paul Wolneykien 1:0.7.7-alt1
- Fix: Don't run update-grub if /etc/sysconfig/grub2 doesn't exist. - controls: Return error if specified configuration variable isn't defined anywhere. - Fix handling of /boot/boot.conf. - Provide next epoch of 'cert-distro-updater' and 'updater' packages to make upgrade possible (+ conflict them).
Sept. 5, 2024 Paul Wolneykien 0.7.6-alt1
- Make the contents of /etc/sysconfig/integrity override values set in /etc/integrity/config.
May 30, 2024 Paul Wolneykien 0.7.5-alt1
- Use 0x80000002 as the default EVM mode. - Automatically enable --with-evm for integrity-sign --verify if EVM is enabled in the kernel. - Fix: Disable autoreq for integrity initrd script. - Added notes about new features (README and man). - Pass explicit EVM option via state file to Stage II. - Fix: Reconfigure bootloader on each stage. - Fix: Delete old /var/lib/integrity_update/default. - Don't touch filesystem immutable bit in EVM mode. - Added option --without-evm. - Run make-initrd with normal log output. - Allow to cancel loading the system if IMA policy fails to load. - Check loading of IMA and EVM policy at system boot (ima-check.service). - Load IMA policy at initrd stage only when ima_appraise=enforce. - Run make-initrd with normal log output. - Fixed OpenSSL GOST module path when copying to initrd. - Fix: Abort on some make-initrd errors.