Project

General

Profile

Actions

action #69742

closed

[sle][security][sle15sp3][IMA/EVM]: enhance the check logic for IMA enforce mode

Added by rfan1 over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
-
Target version:
-
Start date:
2020-08-10
Due date:
% Done:

100%

Estimated time:
Difficulty:

Description

We have 2 scripts to check the IMA enforce mode, and one of them is not covering other available modes. (fix/log/off modes)
File this new issue to track and fix it.

find . -type f |xargs grep 'IMA enforced'

./tests/security/ima/ima_appraisal_audit.pm: validate_script_output "grep -E 'ima_appraise=(fix|log|off)' /etc/default/grub || echo 'IMA enforced'", sub { m/IMA enforced/ };
./tests/security/ima/ima_verify.pm: validate_script_output "grep 'ima_appraise=fix' /etc/default/grub || echo 'IMA enforced'", sub { m/IMA enforced/ };


The fix is very simple, we can just modify the test logic as we do in "./tests/security/ima/ima_appraisal_audit.pm"

Actions #2

Updated by rfan1 over 3 years ago

  • Status changed from New to In Progress
  • % Done changed from 10 to 50
Actions #3

Updated by rfan1 over 3 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 50 to 80

PR merged, wait for the test run in openqa.

Actions #4

Updated by rfan1 over 3 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 80 to 100
Actions

Also available in: Atom PDF