dnoliver/README.md

## README.md

      
    Raw
  

              README.md
            
          
    IMA Helper Scripts


## ima-duplicates.sh
#!/bin/bash

set -euo pipefail

cat /sys/kernel/security/ima/ascii_runtime_measurements | awk '{print $5}' | sort | uniq -c | sort -n -r

## ima-policy.sh
#!/bin/bash

set -euo pipefail

cat << EOF
dont_measure fsmagic=0x9fa0
dont_measure fsmagic=0x62656572
dont_measure fsmagic=0x64626720
dont_measure fsmagic=0x1021994
dont_measure fsmagic=0x1cd1
dont_measure fsmagic=0x42494e4d
dont_measure fsmagic=0x73636673
dont_measure fsmagic=0xf97cff8c
dont_measure fsmagic=0x43415d53
dont_measure fsmagic=0x27e0eb
dont_measure fsmagic=0x63677270
dont_measure fsmagic=0x6e736673
EOF

cat << EOF
dont_measure obj_type=container_share_t
dont_measure obj_type=container_var_lib_t
EOF

cat << EOF
measure func=MMAP_CHECK mask=MAY_EXEC
measure func=BPRM_CHECK mask=MAY_EXEC
measure func=FILE_CHECK euid=0 mask=MAY_EXEC
measure func=FILE_CHECK uid=0 mask=MAY_EXEC
measure func=MODULE_CHECK
measure func=FIRMWARE_CHECK
measure func=POLICY_CHECK
EOF

cat /etc/selinux/targeted/contexts/files/file_contexts | grep [A-Za-z0-9_]*unit_file_t --only-matching | sort | uniq | while read CONTEXT; do
    echo "measure obj_type=${CONTEXT}"
done

cat /etc/selinux/targeted/contexts/files/file_contexts | grep [A-Za-z0-9_]*config_t --only-matching | sort | uniq | while read CONTEXT; do
    echo "measure obj_type=${CONTEXT}"
done

cat /etc/selinux/targeted/contexts/files/file_contexts | grep [A-Za-z0-9_]*conf_t --only-matching | sort | uniq | while read CONTEXT; do
    echo "measure obj_type=${CONTEXT}"
done

cat /etc/selinux/targeted/contexts/files/file_contexts | grep [A-Za-z0-9_]*cert_t --only-matching | sort | uniq | while read CONTEXT; do
    echo "measure obj_type=${CONTEXT}"
done

cat /etc/selinux/targeted/contexts/files/file_contexts | grep [A-Za-z0-9_]*key_t --only-matching | sort | uniq | while read CONTEXT; do
    echo "measure obj_type=${CONTEXT}"
done

cat /etc/selinux/targeted/contexts/files/file_contexts | grep [A-Za-z0-9_]*secret_t --only-matching | sort | uniq | while read CONTEXT; do
    echo "measure obj_type=${CONTEXT}"
done

## ima-volatile.sh
#!/bin/bash

set -euo pipefail

cat /sys/kernel/security/ima/ascii_runtime_measurements | awk '{print $5}' | sort | uniq | while read FILE; do
    if [ ! -f ${FILE} ]; then echo ${FILE}; fi
done
	#!/bin/bash

	set -euo pipefail

	cat /sys/kernel/security/ima/ascii_runtime_measurements \| awk '{print $5}' \| sort \| uniq -c \| sort -n -r
	#!/bin/bash

	set -euo pipefail

	cat << EOF
	dont_measure fsmagic=0x9fa0
	dont_measure fsmagic=0x62656572
	dont_measure fsmagic=0x64626720
	dont_measure fsmagic=0x1021994
	dont_measure fsmagic=0x1cd1
	dont_measure fsmagic=0x42494e4d
	dont_measure fsmagic=0x73636673
	dont_measure fsmagic=0xf97cff8c
	dont_measure fsmagic=0x43415d53
	dont_measure fsmagic=0x27e0eb
	dont_measure fsmagic=0x63677270
	dont_measure fsmagic=0x6e736673
	EOF

	cat << EOF
	dont_measure obj_type=container_share_t
	dont_measure obj_type=container_var_lib_t
	EOF

	cat << EOF
	measure func=MMAP_CHECK mask=MAY_EXEC
	measure func=BPRM_CHECK mask=MAY_EXEC
	measure func=FILE_CHECK euid=0 mask=MAY_EXEC
	measure func=FILE_CHECK uid=0 mask=MAY_EXEC
	measure func=MODULE_CHECK
	measure func=FIRMWARE_CHECK
	measure func=POLICY_CHECK
	EOF

	cat /etc/selinux/targeted/contexts/files/file_contexts \| grep [A-Za-z0-9_]*unit_file_t --only-matching \| sort \| uniq \| while read CONTEXT; do
	echo "measure obj_type=${CONTEXT}"
	done

	cat /etc/selinux/targeted/contexts/files/file_contexts \| grep [A-Za-z0-9_]*config_t --only-matching \| sort \| uniq \| while read CONTEXT; do
	echo "measure obj_type=${CONTEXT}"
	done

	cat /etc/selinux/targeted/contexts/files/file_contexts \| grep [A-Za-z0-9_]*conf_t --only-matching \| sort \| uniq \| while read CONTEXT; do
	echo "measure obj_type=${CONTEXT}"
	done

	cat /etc/selinux/targeted/contexts/files/file_contexts \| grep [A-Za-z0-9_]*cert_t --only-matching \| sort \| uniq \| while read CONTEXT; do
	echo "measure obj_type=${CONTEXT}"
	done

	cat /etc/selinux/targeted/contexts/files/file_contexts \| grep [A-Za-z0-9_]*key_t --only-matching \| sort \| uniq \| while read CONTEXT; do
	echo "measure obj_type=${CONTEXT}"
	done

	cat /etc/selinux/targeted/contexts/files/file_contexts \| grep [A-Za-z0-9_]*secret_t --only-matching \| sort \| uniq \| while read CONTEXT; do
	echo "measure obj_type=${CONTEXT}"
	done