4a2f55eed2
Fix below linters errors
E010 The "do" should be on same line as for
E010 The "do" should be on same line as while
E011 Then keyword is not on same line as if or elif keyword
E020 Function declaration not in format ^function name {$
Ignore:
E041 Arithmetic expansion using $[ is deprecated for $((
E042 local declaration hides errors
E043 Arithmetic compound has inconsistent return semantics
E044 Use [[ for non-POSIX comparisions
Story: 2003366
Task: 24423
Change-Id: I8b6b72e702d3e89d1813772d6bf16819e28e818c
Signed-off-by: Martin Chen <haochuan.z.chen@intel.com>
60 lines
1.7 KiB
Bash
Executable File
60 lines
1.7 KiB
Bash
Executable File
#! /bin/bash
|
|
#
|
|
# Copyright (c) 2017 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
|
|
# Loads Up Utilities and Commands Variables
|
|
source /usr/local/sbin/collect_parms
|
|
source /usr/local/sbin/collect_utils
|
|
|
|
function is_extended_profile {
|
|
if [ ! -n "${security_profile}" ] || [ "${security_profile}" != "extended" ]; then
|
|
return 0
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
SERVICE="ima"
|
|
LOGFILE="${extradir}/${SERVICE}.info"
|
|
|
|
###############################################################################
|
|
# All Node Types
|
|
###############################################################################
|
|
|
|
is_extended_profile
|
|
if [ "$?" = "0" ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
echo "${hostname}: IMA Info ..........: ${LOGFILE}"
|
|
|
|
delimiter ${LOGFILE} "IMA Kernel Modules"
|
|
lsmod | grep ima >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
|
|
|
|
delimiter ${LOGFILE} "Auditd status"
|
|
service auditd status >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
|
|
ps -aux | grep audit >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
|
|
|
|
mkdir -p ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
|
|
|
|
delimiter ${LOGFILE} "IMA Runtime Measurement and Violations cache"
|
|
if [ -d "/sys/kernel/security/ima" ]; then
|
|
ls /sys/kernel/security/ima >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
|
|
cp -rf /sys/kernel/security/ima ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
|
|
else
|
|
echo "ERROR: IMA Securityfs directory does not exist!" >> ${LOGFILE}
|
|
fi
|
|
|
|
cp -rf /etc/modprobe.d/ima.conf ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
|
|
cp -rf /etc/modprobe.d/integrity.conf ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
|
|
cp -rf /etc/ima.policy ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
|
|
|
|
# make sure all these collected files are world readible
|
|
chmod -R 755 ${extradir}/integrity
|
|
|
|
exit 0
|