Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/juju4/ansible-harden-ima
Configure Linux kernel's Integrity Measurement Architecture (IMA)
https://github.com/juju4/ansible-harden-ima
Last synced: 12 days ago
JSON representation
Configure Linux kernel's Integrity Measurement Architecture (IMA)
- Host: GitHub
- URL: https://github.com/juju4/ansible-harden-ima
- Owner: juju4
- License: bsd-2-clause
- Created: 2021-10-16T23:51:04.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-11-23T23:25:15.000Z (about 2 months ago)
- Last Synced: 2024-11-24T00:18:08.220Z (about 2 months ago)
- Language: Shell
- Size: 59.6 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[![Actions Status - Master](https://github.com/juju4/ansible-harden-ima/workflows/AnsibleCI/badge.svg)](https://github.com/juju4/ansible-harden-ima/actions?query=branch%3Amaster)
[![Actions Status - Devel](https://github.com/juju4/ansible-harden-ima/workflows/AnsibleCI/badge.svg?branch=devel)](https://github.com/juju4/ansible-harden-ima/actions?query=branch%3Adevel)# harden-ima ansible role
Configure Linux kernel's Integrity Measurement Architecture (IMA)
## Requirements & Dependencies
### Ansible
It was tested on the following versions:
* 4.3### Operating systems
Tested on Ubuntu 18.04, 20.04, Centos 7 and 8.
## Example Playbook
Just include this role in your list.
For example```
- host: myhost
roles:
- juju4.harden-ima
```## Variables
N/A
## Continuous integration
```
$ pip install molecule docker
$ molecule test
$ MOLECULE_DISTRO=ubuntu:20.04 molecule test --destroy=never
```## Troubleshooting & Known issues
* Some cloud providers may not support IMA in their stack or bug
Digital Ocean: get Kernel panic at reboot on Ubuntu 20.04 and 21.04. Centos8 image boots normally.## References
* https://sourceforge.net/p/linux-ima/wiki/Home/
* https://www.redhat.com/en/blog/how-use-linux-kernels-integrity-measurement-architecture
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/enhancing-security-with-the-kernel-integrity-subsystem_managing-monitoring-and-updating-the-kernel#enabling-integrity-measurement-architecture-and-extended-verification-module_enhancing-security-with-the-kernel-integrity-subsystem
* https://en.opensuse.org/SDB:Ima_evm#ima-grammar
* https://wiki.strongswan.org/projects/strongswan/wiki/IMA
* https://svs.informatik.uni-hamburg.de/publications/2020/2020-08-27-Bohling-IMA.pdf## License
BSD 2-clause