go-ima is a tool that checks whether a file has been tampered with. It is useful for ensuring integrity in CI systems.

go-ima


Tool that checks the ima-log to see if a file has been tampered with.

How to use

  1. Set the IMA policy to tcb by configuring GRUB:
     GRUB_CMDLINE_LINUX="ima_policy=tcb ima_hash=sha256 ima=on"
  2. Compile
  3. Grant permissions to read /sys/kernel/security/integrity/ima/ascii_runtime_measurements
  4. Run
     ./go-ima {file to check}

You will get an exit status of 0 if the file has not been modified since inception or boot. An exit status of 1 means the IMA log contains at least one hash that does not match what is on disk. This could be the sign of an attack, or of somebody simply editing files on your build server.
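
The check described above, as an added example that is not go-ima's own code. It assumes the ima-ng line layout `PCR template-hash ima-ng sha256:<digest> <path>` in ascii_runtime_measurements; the function names, sample path and log lines are constructed for illustration. An entry count of 0 means the log holds no measurement for that path.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

func digest(content []byte) string {
	sum := sha256.Sum256(content)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// CheckLog compares every sha256 digest the log recorded for path with the
// digest of the content currently on disk. Fields: PCR, template hash, template, algo:digest, path.
func CheckLog(log, path string, onDisk []byte) (entries, mismatches int) {
	want := digest(onDisk)
	for _, line := range strings.Split(log, "\n") {
		f := strings.SplitN(line, " ", 5) // the path is last and may contain spaces
		if len(f) != 5 || f[2] != "ima-ng" || f[4] != path || !strings.HasPrefix(f[3], "sha256:") {
			continue // other templates and hash schemes are out of scope here
		}
		entries++
		if f[3] != want {
			mismatches++
		}
	}
	return entries, mismatches
}

// ExitStatus mirrors the README: 1 if any logged hash differs from the file on disk.
func ExitStatus(mismatches int) int {
	if mismatches > 0 {
		return 1
	}
	return 0
}

// sampleEntry builds a constructed log line; the template hash is a zero placeholder.
func sampleEntry(path string, content []byte) string {
	return fmt.Sprintf("10 %040d ima-ng %s %s\n", 0, digest(content), path)
}

func main() {
	p, old, cur := "/ci/build.sh", []byte("make all\n"), []byte("make all; true\n")
	log := sampleEntry(p, old) + sampleEntry(p, cur) // measured before and after an edit
	n, bad := CheckLog(log, p, cur)
	fmt.Println(n, bad, ExitStatus(bad)) // earlier measurement no longer matches disk
}
```
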

Limitations

  • Support for verifying against PCR register
  • Support for different hash schemes