action #69742

closed

[sle][security][sle15sp3][IMA/EVM]: enhance the check logic for IMA enforce mode

Added by rfan1 over 3 years ago. Updated over 3 years ago.

Status:

Resolved

Priority:

Low

Assignee:

rfan1

Category:

Target version:

Start date:

2020-08-10

Due date:

% Done:

100%

Estimated time:

Difficulty:

Description

We have 2 scripts to check the IMA enforce mode, and one of them is not covering other available modes. (fix/log/off modes)
File this new issue to track and fix it.

find . -type f |xargs grep 'IMA enforced'¶

./tests/security/ima/ima_appraisal_audit.pm: validate_script_output "grep -E 'ima_appraise=(fix|log|off)' /etc/default/grub || echo 'IMA enforced'", sub { m/IMA enforced/ };
./tests/security/ima/ima_verify.pm: validate_script_output "grep 'ima_appraise=fix' /etc/default/grub || echo 'IMA enforced'", sub { m/IMA enforced/ };

The fix is very simple, we can just modify the test logic as we do in "./tests/security/ima/ima_appraisal_audit.pm"

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

QA » openQA Project » openQA Tests

Tags

Custom queries

action #69742

[sle][security][sle15sp3][IMA/EVM]: enhance the check logic for IMA enforce mode

find . -type f |xargs grep 'IMA enforced'¶

Updated by rfan1 over 3 years ago

Updated by rfan1 over 3 years ago

Updated by rfan1 over 3 years ago

Updated by rfan1 over 3 years ago