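#######################################
# Interactive dim (integrity measurement) setup, rendered from a text
# template: builds static baselines and the policy under /etc/dim,
# optionally creates a signing key/certificate and signs the files, then
# loads dim_core / dim_monitor and triggers the dynamic baseline.
# Helpers:   check_rpm_package and get_usr_input are defined outside this
#            block; a status of 1 from get_usr_input is treated here as
#            the affirmative answer, a status of 1 from check_rpm_package
#            aborts the setup.
# Outputs:   progress and error messages on stdout
# Returns:   0 when the run completes or dim is not configured/enabled,
#            1 on a failed step or when the user declines a required step;
#            openssl failures terminate the whole script with exit 1.
# NOTE(review): template values are pasted into shell text unescaped.
# Quoting below prevents word splitting and globbing, but a value holding
# quote characters or command substitution would still be interpreted by
# the shell, so the generator should validate them.
#######################################
dim_comm()
{
{{ with .Dim }}{{if .DimIsEnable}}
    check_rpm_package dim
    if [ $? -eq 1 ]; then
        return 1
    fi
    get_usr_input "New static baseline file and policy will be created at /etc/dim?【Y/N】"
    if [ $? -eq 1 ]; then
        if [ -d "/etc/dim/" ]; then
            # An older ./dim backup is replaced by the current /etc/dim.
            [ ! -d ./dim/ ] || rm -rf -- ./dim
            # Abort if the move fails: otherwise new policy lines would be
            # appended to the old policy file left in place.
            mv /etc/dim/ . || {
                echo "Error! Failed to back up /etc/dim/"
                return 1
            }
            echo "Backing up /etc/dim/ to the current directory, please delete it in time!"
        fi
        mkdir -p /etc/dim/
        mkdir -p /etc/dim/digest_list/
    else
        echo "Exit dim configuration."
        return 1
    fi

    check_rpm_package dim_tools
    if [ $? -eq 1 ]; then
        return 1
    fi
    dimHash="{{.MeasureHash}}"
{{range .MeasureList}}
    if [ -f "{{.}}" ] ; then
        echo "Establishing static baseline：" "{{.}}"
        # NOTE(review): the digest file is named after the basename only, so
        # two measured files with the same basename share one .hash file.
        dim_gen_baseline "{{.}}" -o "/etc/dim/digest_list/$(basename -- "{{.}}").hash" -a "$dimHash"
        if [ $? -ne 0 ]; then
            echo "Error! Static baseline establishment failed" "{{.}}"
            return 1
        fi
        echo "measure obj=BPRM_TEXT path={{.}}" >> /etc/dim/policy
    elif [ "{{.}}" == "kernel" ]; then
        echo "measure obj=KERNEL_TEXT" >> /etc/dim/policy
        # NOTE(review): the glob can match images other than the running
        # kernel (or none on a non-6.x kernel) while -k names the running
        # release; consider /boot/vmlinuz-$(uname -r) - confirm file naming.
        dim_gen_baseline -k "$(uname -r)" -o /etc/dim/digest_list/kernel.hash /boot/vmlinuz-6* -a "$dimHash"
        if [ $? -ne 0 ]; then
            echo "Kernel static baseline establishment failed"
            return 1
        fi
    else
        # Anything that is neither a regular file nor "kernel" is treated
        # as a kernel module name and resolved through modinfo.
        echo "Establishing static baseline：" "{{.}}"
        module=$(modinfo "{{.}}" | awk '/^name:/ {print $2}')
        moduleFilePath=$(modinfo "{{.}}" | awk '/^filename:/ {print $2}')
        # Stop here when modinfo could not resolve the module instead of
        # handing an empty path to dim_gen_baseline.
        if [ -z "$module" ] || [ -z "$moduleFilePath" ]; then
            echo "Static baseline establishment failed" "{{.}}"
            return 1
        fi
        if [ "${moduleFilePath##*.}" == "xz" ]; then
            echo "Decompressing $moduleFilePath"
            # -f replaces a decompressed copy left by an earlier run, so the
            # baseline is computed from the module currently installed and
            # not from a stale file.
            xz -d -k -f -- "$moduleFilePath"
            if [ $? -ne 0 ]; then
                echo "Static baseline establishment failed" "{{.}}"
                return 1
            fi
            moduleFilePath=${moduleFilePath%.*}
        fi
        dim_gen_baseline "$moduleFilePath" -o "/etc/dim/digest_list/$module.hash" -a "$dimHash"
        if [ $? -ne 0 ]; then
            echo "Static baseline establishment failed" "{{.}}"
            return 1
        fi
        echo "measure obj=MODULE_TEXT name=$module" >> /etc/dim/policy
    fi
{{ end }}
    if [ ! -f /etc/dim/policy ]; then
        echo "Error! The policy is not configured. Please configure the policy!"
        return 1
    fi
    if [ ! -d /etc/dim/digest_list ]; then
        echo "Error! The policy is not configured. Please configure static baseline!"
        return 1
    fi
    get_usr_input "Clear original baseline right now?【Y/N】"
    if [ $? -eq 1 ]; then
        # Best effort: the modules may not be loaded, so errors are hidden.
        rmmod dim_monitor &> /dev/null
        rmmod dim_core &> /dev/null
    else
        echo "Exit dim configuration"
        return 1
    fi
{{if .Signature}}
    check_rpm_package openssl
    if [ $? -eq 1 ]; then
        return 1
    fi
    get_usr_input "Generate keys and certificates automatically?【Y/N】"
    if [ $? -eq 1 ]; then
        # Generate inside a private mktemp directory under /etc/keys rather
        # than under fixed file names in the current directory: the private
        # key is never exposed in a shared or world-writable location and
        # the final mv is a rename on the same filesystem.
        local keydir
        mkdir -p /etc/keys
        keydir=$(mktemp -d /etc/keys/.dim-keygen.XXXXXX) || exit 1
        echo 'subjectKeyIdentifier=hash' > "$keydir/root.cfg"
        if ! { openssl genrsa -out "$keydir/root.key" 4096 &&
               openssl req -new -sha256 -key "$keydir/root.key" -out "$keydir/root.csr" -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=root ca" &&
               openssl x509 -req -days 3650 -extfile "$keydir/root.cfg" -signkey "$keydir/root.key" -in "$keydir/root.csr" -out "$keydir/root.crt" &&
               openssl x509 -in "$keydir/root.crt" -out "$keydir/root.der" -outform DER; }; then
            # Do not leave a partially generated key behind.
            rm -rf -- "$keydir"
            exit 1
        fi
        mv "$keydir/root.der" /etc/keys/x509_dim.der
        mv "$keydir/root.key" /etc/keys/dim.key
        # The signing key must be readable by its owner only.
        chmod 600 /etc/keys/dim.key
        rm -rf -- "$keydir"
    else
        echo "Please place the certificate in the /etc/keys/ directory and rename it to x509_dim.der!"
        echo "Please place the private key in the /etc/keys/ directory and rename it to dim.key!"
    fi
    get_usr_input "Sign policy files and static baseline files right now?【Y/N】"
    if [ $? -eq 1 ]; then
        # A signing failure ends the whole script (exit, not return), as in
        # the key generation step above.
        openssl dgst -sha256 -out /etc/dim/policy.sig -sign /etc/keys/dim.key /etc/dim/policy || exit 1
        # Glob directly instead of parsing ls output; the -e test skips the
        # unexpanded pattern when no .hash file exists.
        for file in /etc/dim/digest_list/*.hash; do
            [ -e "$file" ] || continue
            openssl dgst -sha256 -out "$file.sig" -sign /etc/keys/dim.key "$file" || exit 1
        done
    else
        echo "Please sign the policy file and static baseline file manually!"
    fi
    get_usr_input "Delete the private key right now?【Y/N】"
    if [ $? -eq 1 ]; then
        # NOTE(review): rm only unlinks the file; the key material is not
        # overwritten. Keeping the signing key off the measured host
        # (signing elsewhere) avoids the problem entirely.
        rm -f /etc/keys/dim.key
    fi
{{end}}
    get_usr_input "dim_core is about to load?【Y/N】"
    if [ $? -eq 1 ]; then
        modprobe dim_core measure_log_capacity={{.MeasureLogCapacity}} \
            measure_hash={{.MeasureHash}} \
            measure_pcr={{.CorePcr}} \
            measure_schedule={{.MeasureSchedule}} \
            signature={{.Signature}} \
            measure_interval={{.MeasureInterval}}
        if [ $? -eq 0 ]; then
            echo "dim_core loaded successfully!"
        else
            echo "dim_core loaded failed!"
            return 1
        fi
    fi
    get_usr_input "dim_monitor is about to load?【Y/N】"
    if [ $? -eq 1 ]; then
        modprobe dim_monitor measure_hash={{.MeasureHash}} \
            measure_pcr={{.MonitorPcr}} \
            measure_log_capacity={{.MeasureLogCapacity}}
        if [ $? -eq 0 ]; then
            echo "dim_monitor loaded successfully!"
        else
            echo "Error! dim_monitor failed to load!"
            # Roll back dim_core so the pair is not left half loaded.
            rmmod dim_core
            return 1
        fi
    fi
{{ if .BaselineIsEnable }}
    get_usr_input "Dynamic baseline will be established?【Y/N】"
    if [ $? -eq 1 ]; then
        # Writing 1 to these securityfs entries triggers the baseline.
        echo 1 > /sys/kernel/security/dim/baseline_init
        echo 1 > /sys/kernel/security/dim/monitor_baseline
    fi
{{ end }}{{ else }}
    echo "dim is not enabled!"
{{ end }}
    echo "dim configuration completed!"
    return 0
{{ else }}
    echo "dim is not configured!"
    return 0
{{ end }}
}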

