Actions
action #69742
closed[sle][security][sle15sp3][IMA/EVM]: enhance the check logic for IMA enforce mode
Start date:
2020-08-10
Due date:
% Done:
100%
Estimated time:
Difficulty:
Description
We have 2 scripts to check the IMA enforce mode, and one of them is not covering other available modes. (fix/log/off modes)
File this new issue to track and fix it.
find . -type f |xargs grep 'IMA enforced'¶
./tests/security/ima/ima_appraisal_audit.pm: validate_script_output "grep -E 'ima_appraise=(fix|log|off)' /etc/default/grub || echo 'IMA enforced'", sub { m/IMA enforced/ };
./tests/security/ima/ima_verify.pm: validate_script_output "grep 'ima_appraise=fix' /etc/default/grub || echo 'IMA enforced'", sub { m/IMA enforced/ };
The fix is very simple, we can just modify the test logic as we do in "./tests/security/ima/ima_appraisal_audit.pm"
Updated by rfan1 about 4 years ago
- % Done changed from 0 to 10
Updated by rfan1 about 4 years ago
- Status changed from New to In Progress
- % Done changed from 10 to 50
Updated by rfan1 about 4 years ago
- Status changed from In Progress to Feedback
- % Done changed from 50 to 80
PR merged, wait for the test run in openqa.
Updated by rfan1 about 4 years ago
- Status changed from Feedback to Resolved
- % Done changed from 80 to 100
Actions