go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems

go-ima

Tool that checks the ima-log to see if a file has been tampered with.

How to use

  1. Set the IMA policy to tcb by adding the following to your GRUB configuration:
     GRUB_CMDLINE_LINUX="ima_policy=tcb ima_hash=sha256 ima=on"
  2. Compile
  3. Grant permissions to read /sys/kernel/security/integrity/ima/ascii_runtime_measurements
  4. Run
     ./go-ima {file to check}

You will get an exit status of 0 if the file has not been modified since inception or boot. An exit status of 1 means the IMA log contains at least one hash for the file that does not match what is on disk. This could either be a sign of an attack, or just somebody editing files on your build server.
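As an added illustration that is not part of go-ima's own code, the following Go program parses ima-ng entries from ascii_runtime_measurements and reproduces the exit-status logic described above against a constructed log. The template hashes and paths in SampleLog are made up, and status 2 for a file that was never measured is an assumption of this example rather than documented go-ima behaviour.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"strings"
)

// Measurement is one ima-ng entry of ascii_runtime_measurements:
// "<pcr> <template-hash> ima-ng <algo>:<file-hash> <path>".
type Measurement struct{ PCR, Algo, FileHash, Path string }

// ParseIMALog extracts ima-ng entries; lines in other templates are skipped.
func ParseIMALog(log string) []Measurement {
	var out []Measurement
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) < 5 || f[2] != "ima-ng" {
			continue
		}
		if algo, h, ok := strings.Cut(f[3], ":"); ok {
			out = append(out, Measurement{f[0], algo, h, f[4]})
		}
	}
	return out
}

// Verify mirrors the exit codes above: 0 when every logged sha256 for path
// matches content, 1 when at least one logged hash differs from content,
// and 2 (an assumption of this example) when the path was never measured.
func Verify(ms []Measurement, path string, content []byte) int {
	sum := sha256.Sum256(content)
	want, status := hex.EncodeToString(sum[:]), 2
	for _, m := range ms {
		if m.Path == path && m.Algo == "sha256" {
			if m.FileHash != want {
				return 1
			}
			status = 0
		}
	}
	return status
}

// SampleLog is a constructed log: placeholder template hashes, one legacy
// "ima" template line (skipped), and the sha256 of "" and of "hello\n".
const SampleLog = `10 0000000000000000000000000000000000000000 ima-ng sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 boot_aggregate
10 0000000000000000000000000000000000000000 ima 0000000000000000000000000000000000000000 /usr/bin/legacy-template
10 0000000000000000000000000000000000000000 ima-ng sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 /usr/bin/example`
```

To check a real file, replace SampleLog with the contents of /sys/kernel/security/integrity/ima/ascii_runtime_measurements and pass the file's on-disk bytes as content.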

Limitations

  • Verifying the log against a PCR register is not supported
  • Other hash schemes are not supported
