NAME
setup_ima_digest_lists - generate digest lists for measurement and appraisal


SYNOPSIS
setup_ima_digest_lists parser|distro|immutable|mutable [options]


DESCRIPTION
setup_ima_digest_lists can be used to generate digest lists for measurement and
appraisal. Digest lists can be generated from the RPM database, or from IMA
measurements.


COMMANDS
parser: generate digest lists for the parser

distro: generate digest lists from the RPM database

immutable: generate a digest list of immutable files

mutable: generate a digest list of mutable files


OPTIONS
-d <directory>: directory where digest lists are stored

-i: add files not found in existing digest lists

-t <type>: specify type of compact list

-V <kernel version>: kernel version

-D <search dirs>: directories containing immutable/mutable files

-E <exclude dirs>: excluded directories

-g: generate digest lists of mutable files

-a: run initramfs generator

-s: sign digest list

-v <private key>: path of private key in PEM format

-x <x509 certificate>: path of X.509 certificate in PEM format

-l: include LSM label

-h: display help


EXAMPLES
Generate digest lists from the RPM database.

# setup_ima_digest_lists distro

Generate a digest list of immutable files in /etc from IMA measurements.

# setup_ima_digest_lists immutable -a -i -D "/etc"


AUTHOR
Written by Roberto Sassu, <roberto.sassu at huawei.com>.


COPYING
Copyright (C) 2017-2020 Huawei Technologies Duesseldorf GmbH. Free use of
this software is granted under the terms of the GNU Public License 2.0
(GPLv2).
