Skip to content

Instantly share code, notes, and snippets.

@hackers-terabit

hackers-terabit/imahelper.sh

Last active May 31, 2017 06:09
Show Gist options
  • Save hackers-terabit/6b3699ad53f89711bb343959ecfdc7bf to your computer and use it in GitHub Desktop.
Save hackers-terabit/6b3699ad53f89711bb343959ecfdc7bf to your computer and use it in GitHub Desktop.
Download ZIP
Help measure/appraise(sign) system for immutability
Raw
imahelper.sh
#!/bin/bash
whitelist="./whitelist"
verbose=1
#generate unencrypted openssl pub/private rsa keypair
echo "generating signing key"
openssl genrsa -out /etc/rsa_private.pem 4096
openssl rsa -pubout -in /etc/rsa_private.pem -out /etc/rsa_public.pem
#import public signing key
ima_id=`keyctl newring _ima @u`
evmctl import --rsa /etc/rsa_public.pem $ima_id
echo "Imported signing key"
echo "Measuring and signing files not found in whitelist"
echo "This will take a very long time, go watch a movie or something..."
find / \( -fstype rootfs -o -fstype ext4 \) -type f | grep -vf $whitelist |
while read filepath
do
#measure
evmctl ima_hash "$filepath"
#sign for appraisal excluding whitelist paths
evmctl sign --rsa -k /etc/rsa_private.pem --uuid --imasig "$filepath"
if [ $verbose -ge 1 ]
then
echo "Measured/Appraised:$filepath"
fi
done
echo "Done."
@hackers-terabit
Copy link
Author

Current "whitelist" file:


/home/.keep
/home/user/.mozilla/firefox/Crash Reports/*
/home/user/.serverauth*
/home/user/.bash_logout
/home/user/firefox-profile/
/home/user/firefox-profile/compatibility.ini
/home/user/firefox-profile/healthreport
/home/user/firefox-profile/webappsstore.sqlite-wal
/home/user/firefox-profile/sessionstore-backups/*
/home/user/firefox-profile/sessionCheckpoints.json
/home/user/firefox-profile/places.sqlite
/home/user/firefox-profile/search.json.mozlz4
/home/user/firefox-profile/minidumps
/home/user/firefox-profile/datareporting/*
/home/user/firefox-profile/datareporting/aborted-session-ping
/home/user/firefox-profile/datareporting/session-state.json
/home/user/firefox-profile/healthreport.sqlite-shm
/home/user/firefox-profile/healthreport.sqlite-wal
/home/user/firefox-profile/gmp-gmpopenh264*
/home/user/firefox-profile/formhistory.sqlite
/home/user/firefox-profile/key3.db
/home/user/firefox-profile/places.sqlite-wal
/home/user/firefox-profile/times.json
/home/user/firefox-profile/revocations.txt
/home/user/firefox-profile/HTTPSEverywhereUserRules
/home/user/firefox-profile/cookies.sqlite-wal
/home/user/firefox-profile/webapps
/home/user/firefox-profile/webapps/webapps.json
/home/user/firefox-profile/storage/*
/home/user/firefox-profile/crashes/*
/home/user/firefox-profile/secmod.db
/home/user/firefox-profile/webappsstore.sqlite
/home/user/firefox-profile/blocklist.xml
/home/user/firefox-profile/mimeTypes.rdf
/home/user/firefox-profile/lock
/home/user/firefox-profile/extension-data
/home/user/firefox-profile/extension-data/ublock0.sqlite
/home/user/firefox-profile/addons.json
/home/user/firefox-profile/cookies.sqlite-shm
/home/user/firefox-profile/thumbnails
/home/user/firefox-profile/frequencyCap.json
/home/user/firefox-profile/xulstore.json
/home/user/firefox-profile/.parentlock
/home/user/firefox-profile/safebrowsing/*
/home/user/firefox-profile/cache2/*
/home/user/firefox-profile/_CACHE_CLEAN_
/home/user/firefox-profile/places.sqlite-shm
/home/user/firefox-profile/startupCache
/home/user/firefox-profile/startupCache/startupCache.8.little
/home/user/firefox-profile/webappsstore.sqlite-shm
/home/user/firefox-profile/OfflineCache
/home/user/firefox-profile/OfflineCache/index.sqlite
/home/user/firefox-profile/content-prefs.sqlite
/home/user/firefox-profile/healthreport.sqlite
/home/user/firefox-profile/SiteSecurityServiceState.txt
/home/user/firefox-profile/directoryLinks.json
/home/user/firefox-profile/bookmarkbackups/*
/home/user/firefox-profile/cookies.sqlite
/home/user/firefox-profile/permissions.sqlite
/home/user/.serverauth*
/home/user/.ssh
/home/user/.dbus
/home/user/.dbus/session-bus/*
/home/user/.config
/home/user/.config/geany/*
/home/user/.config/terminology/*
/home/user/.Xauthority
/home/user/.cache
/home/user/.cache/*
/home/user/.ecore/*
/var/log/*
/var/cache/*
/var/tmp/*
/tmp/*
/var/spool/*
/var/empty/*
/var/nullmailer/*
/var/adm
/var/lock
/var/lib
/var/lib/.keep
/var/lib/dbus
/var/lib/dbus/machine-id
/var/lib/dbus/.keep_sys-apps_dbus-0
/var/lib/misc
/var/lib/misc/random-seed
/var/lib/ip6tables
/var/lib/ip6tables/.keep_net-firewall_iptables-0
/var/lib/aide
/var/lib/aide/.keep_app-forensics_aide-0
/var/lib/iptables
/var/lib/iptables/.keep_net-firewall_iptables-0
/var/lib/iptables/rules-save
/var/lib/xkb
/var/lib/xkb/README.compiled
/var/lib/arpd
/var/lib/ntp
/var/lib/ntp/.keep_net-misc_ntp-0
/var/lib/gentoo/news/*
/var/lib/portage/*
/var/lib/alsa
/var/lib/alsa/.keep_media-sound_alsa-utils-0.9
/var/account
/var/account/pacct
/var/account/.keep_sys-process_acct-0
/var/run/*
/mtab
/etc/dnscrypt-proxy.conf
/etc/X11/Sessions
/etc/X11/Sessions/awesome
/etc/X11/Sessions/Xsession
/etc/X11/Sessions/wmii
/etc/X11/xinit
/etc/mtab
/etc/config-archive/*
/etc/cron.hourly/*
/etc/cron.deny
/etc/DIR_COLORS
/etc/fstab
/etc/portage/*
/etc/cron.weekly/*
/etc/cron.monthly/*

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment