How to use the Linux kernel's Integrity Measurement Architecture

The kernel integrity sub-system can be used to detect if a file has been altered (accidently or maliciously), both remotely and/or locally. It does that by appraising a file's measurement (its hash value) against a “good” value stored previously as an extended attribute (on file systems which support extended attributes like ext3, ext4. etc.). Similar, but complementary, mechanisms are provided by other security technologies like SELinux which depending on policy can attempt to protect file integrity.

The Linux IMA (Integrity Measurement Architecture) subsystem introduces hooks within the Linux kernel to support creating and collecting hashes of files when opened, before their contents are accessed for read or execute. The IMA measurement subsystem was added in linux-2.6.30 and is supported by Red Hat Enterprise Linux 8.

The kernel integrity subsystem consists of two major components. The Integrity Measurement Architecture (IMA) is responsible for collecting file hashes, placing them in kernel memory (where userland applications cannot access/modify it) and allows local and remote parties to verify the measured values. The Extended Verification Module (EVM) detects offline tampering (this could help mitigate evil-maid attacks) of the security extended attributes. 

IMA maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module(TPM), an aggregate integrity value over this list. The benefit of anchoring the aggregate integrity value in the TPM is that the measurement list is difficult to compromise by a software attack, without it being detectable. Hence, on a trusted boot system, IMA-measurement can be used to attest to the system's runtime integrity.

Enabling IMA-measurement:

IMA-measurement can be enabled by adding the parameters “ima=on ima_policy=<policy>” to the kernel command line and rebooting the system. The policy parameter takes one of the below values:

• tcb - measures all executables run, all mmap'd files for execution (such as shared libraries), all kernel modules loaded, and all firmware loaded. Additionally, all files read by root are measured as well.

• appraise_tcb - appraises all files owned by root.

• secure_boot - appraises all loaded modules, firmware, kexec'd kernel, and IMA policies. It also requires them to have an IMA signature as well. This is normally used with the CONFIG_INTEGRITY_TRUSTED_KEYRING option in the kernel in "secure boot" scenario, with the public key obtained from the OEM in firmware or via the MOK (Machine Owner Key) in shim.

IMA-measurements maintains a runtime measurement list, which can be reviewed via the /sys/kernel/security/ima/ascii_runtime_measurements file.

[root@kvm-05-guest13 ~]# head -5 /sys/kernel/security/ima/ascii_runtime_measurements
10 1d8d532d463c9f8c205d0df7787669a85f93e260 ima-ng sha1:ddee6004dc3bd4ee300406cd93181c5a2187b59b boot_aggregate
10 bfe074db49e639b3d65aff5d29714c0ada7584ae ima-ng sha1:b23cdfea2ad736ea9f2591270fe644d8052cc86f /usr/lib/systemd/systemd
10 63c80ba8646fb4d8a48e0b6baf38650fef1b3ffb ima-ng sha1:8c8d12052c4684e696da0bee28d7a2f3c4f408e4 /usr/lib64/ld-2.28.so
10 2a07e7f032ba91832d267e6c58437cec1dccf35d ima-ng sha1:381429f65d66187f866361e8dc19e96808f9424f /usr/lib/systemd/libsystemd-shared-239.so
10 a4c7964b6581dcf3aa5495dc94a17bb7ee82554c ima-ng sha1:1abcf3c99faad55856d49e3ds210abec56d95e4a51 /etc/ld.so.cache

The columns (from left to right) are:

• PCR (Platform Configuration Register) in which the values are registered. This field is set correctly when the TPM chip is in use.

• Template hash of the entry, which is a hash that combines the length and values of the file content hash and the pathname.

• Template that registered the integrity value (ima-ng in this case).

• File content, a hash generated from the contents of the file.

• File Name The name of the file being monitored.

The default hash algorithm is SHA-1 and can be changed to SHA256 by booting with ima_hash=sha256.

IMA re-measurement:

If any of the monitored files change at any time, for example when the system is updated, IMA re-measurement can be done. For this the file system needs to be mounted with the i_version option. To re-measure a file after it has changed, the filesystem must support i_version. For example to enable i_version on root file system, one can edit the /etc/fstab file as follows:

/dev/vda1  /  ext4  noatime,iversion  1 2

Now the system can be updated, any changes to the files which are monitored will cause the hashes to be re-computed and stored.

IMA appraisal 

The appraisal extension adds local integrity validation and enforcement of the measurement against a "good" value stored as an extended attribute security.ima. 

Enabling IMA appraisal is a two step process. 

• First reboot the kernel  with the boot command line parameters ima_appraise_tcb and ima_appraise='fix' to relabel the file system. Next, all files that will be appraised need to be opened for reading. This process could take some time. To relabel the entire filesystem you can run the following command: 

find / \\( -fstype rootfs -o ext4 -type f \\) -uid 0 -exec head -n 1 '{}' >/dev/null \\;

When done, the stored hash value should show as an extended attribute. For example 

[root@kvm-05-guest13 ~]# getfattr -m - -d /sbin/init
getfattr: Removing leading '/' from absolute path names
# file: sbin/init
security.ima=0sAbI83+oq1zbqnyWRJw/mRNgFLMhv
security.selinux="system_u:object_r:init_exec_t:s0"

• Now, reboot with ima_appraise_tcp and ima_appraise=enforce kernel command line parameters. The system should now run with appraisal enabled, causing the system to validate the hash against the stored value before using it. If it doesn't match, then the file is not loaded, any access towards it will be denied with a Permission denied error, and if audit is enabled, generates an audit event.

There are several other features which are available with IMA. For example, editing the default policy files for ima-appraisal, ima-audit, using digital signatures for immutable files, and storing the signing keys in the TPM chip, which are not covered in this blog. In conclusion IMA is a very powerful tool which can be used to enforce integrity of a system and detect any attempts to tamper with it. There are several comprehensive guides available which discuss various nuances of working with IMA.