qtegrity
Section: qtegrity (1)
Updated: May 2018
Page Index
NAME
qtegrity - verify files with IMA
SYNOPSIS
qtegrity
[opts] <misc args>
DESCRIPTION
The default behavior of
qtegrity is to verify digests of performed
executables to a list of known good digests. This requires an IMA-enabled
linux kernel, which records digests of performed executables and exports them
through securityfs. Using
--ignore-non-existent suppresses messages
about recorded files that can't be accessed (assuming they got removed).
By using
--add, the program behaves differently. No verification is
performed, instead a digest is made of the provided file and appended to
the list of known good digests.
OPTIONS
- -a <arg>, --add <arg>
-
Add file to store of known-good digests.
- -i, --ignore-non-existent
-
Be silent if recorded file no longer exists.
- -s, --show-matches
-
Show recorded digests that match with known-good digests.
- --root <arg>
-
Set the ROOT env var.
- -v, --verbose
-
Make a lot of noise.
- -q, --quiet
-
Tighter output; suppress warnings.
- -C, --nocolor
-
Don't output color.
- -h, --help
-
Print this help and exit.
- -V, --version
-
Print version and exit.
RELEVANT FILES
Central list of known good digests
/var/db/QTEGRITY
Linux kernel's recorded digests
/sys/kernel/security/ima/ascii_runtime_measurements
REPORTING BUGS
Please report bugs via
http://bugs.gentoo.org/
Product: Portage Development; Component: Tools, Assignee:
portage-utils@gentoo.org
AUTHORS
Ned Ludd <solar@gentoo.org>
Mike Frysinger <vapier@gentoo.org>
Fabian Groffen <grobian@gentoo.org>
Sam Besselink
SEE ALSO
q(1),
qatom(1),
qcache(1),
qcheck(1),
qdepends(1),
qfile(1),
qgrep(1),
qlist(1),
qlop(1),
qmerge(1),
qpkg(1),
qsearch(1),
qsize(1),
qtbz2(1),
quse(1),
qxpak(1)