Boot Ima File Download !FREE!
Change the boot command line parameter to 'ima_appraise=fix' to enable IMA-appraisal by loading EVM and signing the extended attributes on the ROOTFS. On the bootcommand line parameter 'ima_appraise_tcb=1' and all of the tunables configured in /usr/local/etc/ima/tunables.conf
boot ima file download
Create a file_ids and a finger_map file to match the real IMA application extended attribute IDs to the fingers that measure them. This results in no self-authenticating measurement fingerprints to match. Make sure that your firewall is configured to allow connections from anywhere. Non-routable measurement fingerprints can still be used to identify IMA applications that are not using these fingerprints.
If a filesystem has been measured by IMA-appraisal, but a reboot has not been performed, the filesystem measurement will show as bad according to the integrity list maintained by IMA-appraisal. The initial condition for a bad measurement can then be fixed by doing an in-place file remeasurement from a good value.
The IMA-appraisal module has been upstreamed in the Linux 3.7 kernel. This extension is enabled by the IMA-appraise_tcb and ima_appraise boot options. IMA-appraise support is currently only available on 64-bit kernels, and only on TPM 1.2 compliant hardware, although it is likely to work on TPM 1.3 or later soon.
A new IMA-appraisal service is available on Debian. To obtain a functional IMA-appraise service (and a functional IMA-appraise service on Arch Linux users can recompile the kernel for IMA-appraise), a user must install the new IMA-appraise service. Users with older kernels can use boot options ima_appraise_tcb and ima_appraise to enable IMA-appraise while using a previous kernel. IMA-appraise can be enabled by the kernel command line option ima_appraise=fix.