
System Integrity, Compliance and Reporting

1.  Project Description

This project will support the Linux IMA/EVM technology within Gentoo Linux, together with other integrity-related technologies and technologies specific to compliance and reporting. It will provide the necessary kernel patches, utilities and documentation to make integrity checks, compliance and reporting available to the wider public. The primary focus is to protect files, settings and images against tampering: when tampering occurs, the system detects it during boot and refuses to load further (or reports it to the administrator). Online tampering detection is a second step.

Next to the integrity subsystem within Linux (IMA/EVM), this project will also support the various trusted computing technologies (such as TPM support) through well-documented guides and tools.

2.  Project Goals

The main goal of this project is to support all integrity-related technologies in Gentoo Linux, offering good integration, tools and documentation to help users in setting up a more secure, managed environment, fully in line with the Gentoo Hardened vision.

3.  What is IMA/EVM?

Integrity Measurement Architecture

IMA, or Integrity Measurement Architecture, is a Linux kernel integrity subsystem that aims to detect whether files have been altered. It supports the collection of file integrity data (hashing) and the storage of the resulting integrity values, both locally (in extended attributes) and under TPM (Trusted Platform Module) protection. If a TPM is present, it can sign these integrity results so that interested parties can attest that the system has not been tampered with.

A fourth function, called "appraisal", has recently been accepted into the mainline Linux kernel. This function allows local validation of a file's integrity value against a known good value.

Extended Verification Module

While IMA provides a layer of protection against tampering with file content, EVM (Extended Verification Module) provides protection against tampering with file metadata (more specifically, the security extended attributes). Since IMA stores the integrity values of files in such extended attributes, it makes sense to protect these properly too.
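A worked illustration of the two mechanisms described above, added here as example code (it is not part of the Gentoo project or of the kernel's tools): content is hashed into a security.ima value, appraisal recomputes and compares it, and an EVM-style HMAC over the security xattrs detects edits to the stored hash itself. It assumes the kernel's xattr byte layout (type byte, hash-algorithm id, raw digest) and uses a simplified EVM HMAC that omits the inode fields the kernel also covers; the key and file contents are constructed sample values.

```python
import hashlib
import hmac

# xattr layout assumed from the Linux kernel's IMA/EVM headers (not from the
# Gentoo page): the first byte is the xattr type, then the type-specific payload.
IMA_XATTR_DIGEST_NG = 0x04  # security.ima: type, hash-algo id, raw digest
EVM_XATTR_HMAC = 0x02       # security.evm: type, raw HMAC over protected xattrs
HASH_ALGO_SHA256 = 0x04     # kernel enum hash_algo value for sha256


def ima_measure(content: bytes) -> bytes:
    """Collection: hash the file content into a security.ima value."""
    digest = hashlib.sha256(content).digest()
    return bytes([IMA_XATTR_DIGEST_NG, HASH_ALGO_SHA256]) + digest


def ima_appraise(content: bytes, ima_xattr: bytes) -> bool:
    """Appraisal: recompute the hash and compare it with the stored value."""
    if len(ima_xattr) != 2 + 32 or ima_xattr[0] != IMA_XATTR_DIGEST_NG:
        return False
    if ima_xattr[1] != HASH_ALGO_SHA256:
        return False  # only sha256 is handled in this example
    return hmac.compare_digest(hashlib.sha256(content).digest(), ima_xattr[2:])


def evm_hmac(xattrs: dict, key: bytes) -> bytes:
    """EVM: HMAC over the security xattrs (simplified: the kernel also mixes in
    inode fields such as uid, gid and mode, which are omitted here)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in sorted(n for n in xattrs if n != "security.evm"):
        mac.update(name.encode() + b"\0" + xattrs[name])
    return bytes([EVM_XATTR_HMAC]) + mac.digest()


def label_file(content: bytes, xattrs: dict, key: bytes) -> dict:
    """Label a file as a trusted installer would: set security.ima, then seal
    all security xattrs with security.evm."""
    labelled = dict(xattrs)
    labelled["security.ima"] = ima_measure(content)
    labelled["security.evm"] = evm_hmac(labelled, key)
    return labelled


def check_file(content: bytes, xattrs: dict, key: bytes) -> str:
    """Local integrity check: verify the EVM seal over the metadata first,
    then appraise the content against the (now trusted) security.ima value."""
    if not hmac.compare_digest(evm_hmac(xattrs, key), xattrs.get("security.evm", b"")):
        return "evm-mismatch"  # xattrs, including the stored hash, were altered
    if not ima_appraise(content, xattrs.get("security.ima", b"")):
        return "ima-mismatch"  # content no longer matches the sealed hash
    return "ok"
```

Note that rewriting security.ima to match modified content is caught at the EVM step, which is exactly why the page argues the extended attributes need protection of their own.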

4.  Developers

Developer        Nickname   Role
Sven Vermeulen   swift      Lead

All developers can be reached by e-mail using nickname@gentoo.org.

5.  Resources

Resources offered by the Integrity project are:

6.  I Want to Participate

To participate in the Integrity project, first join the mailing list at gentoo-hardened@gentoo.org and, if you can, visit our IRC channel #gentoo-hardened on irc.freenode.net.

As this project is brand new, there are still many areas to contribute to: supporting the IMA patches, documentation, TPM and trusted computing support in general, etc.


Summary: The integrity subproject aims to integrate and maintain technologies related to system integrity within Gentoo Hardened. Its first focus will be on the Linux IMA/EVM implementation, but this will be extended towards other integrity, compliance and reporting related technologies.


Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.