One Hat Cyber Team

Your IP: 216.73.216.217
Server IP: 97.74.87.16
Server: Linux 16.87.74.97.host.secureserver.net 5.14.0-503.38.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Apr 18 08:52:10 EDT 2025 x86_64
Server Software: Apache
PHP Version: 8.2.28
Buat File | Buat Folder

Dir : ~/proc/self/root/lib/dracut/modules.d/98integrity/

View File Name : ima-keys-load.sh

#!/usr/bin/sh

SECURITYFSDIR="/sys/kernel/security"
IMASECDIR="${SECURITYFSDIR}/ima"
IMACONFIG="${NEWROOT}/etc/sysconfig/ima"

load_x509_keys() {
    KEYRING_ID=$1

    # override the default configuration
    if [ -f "${IMACONFIG}" ]; then
        # shellcheck disable=SC1090
        . "${IMACONFIG}"
    fi

    if [ -z "${IMAKEYSDIR}" ]; then
        IMAKEYSDIR="/etc/keys/ima"
    fi

    for PUBKEY in "${NEWROOT}${IMAKEYSDIR}"/*; do
        # check for public key's existence
        if [ ! -f "${PUBKEY}" ]; then
            if [ "${RD_DEBUG}" = "yes" ]; then
                info "integrity: IMA x509 cert file not found: ${PUBKEY}"
            fi
            continue
        fi

        # FIXME: X509ID unused?
        # shellcheck disable=SC2034
        if ! X509ID=$(evmctl import "${PUBKEY}" "${KEYRING_ID}"); then
            info "integrity: IMA x509 cert not loaded on keyring: ${PUBKEY}"
        fi
    done

    if [ "${RD_DEBUG}" = "yes" ]; then
        keyctl show "${KEYRING_ID}"
    fi
    return 0
}

# check kernel support for IMA
if [ ! -e "${IMASECDIR}" ]; then
    if [ "${RD_DEBUG}" = "yes" ]; then
        info "integrity: IMA kernel support is disabled"
    fi
    return 0
fi

# get the IMA keyring id

if line=$(keyctl describe %keyring:.ima); then
    _ima_id=${line%%:*}
else
    _ima_id=$(keyctl search @u keyring _ima)
    if [ -z "${_ima_id}" ]; then
        _ima_id=$(keyctl newring _ima @u)
    fi
fi

# load the IMA public key(s)
load_x509_keys "${_ima_id}"