INSERT INTO policies ( /* 11 */
type, name, dir, rec_fail, rec_noresult
) VALUES (
- 8, 'Get /bin', 1, 0, 0
+ 8, 'Get /usr/sbin', 12, 0, 0
);
INSERT INTO policies ( /* 12 */
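Review bot: the `dir` value in policy 11 changes from 1 to 12 together with the name, but nothing in this hunk shows that id 12 is the row for `/usr/sbin`. Please confirm the referenced row exists with that id in the same data file, and consider a short SQL comment next to the value so the policy name and the id do not drift apart the next time the measured directory changes.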
INSERT INTO policies ( /* 16 */
type, name, dir, rec_fail, rec_noresult
) VALUES (
- 9, 'Measure /bin', 1, 2, 2
+ 9, 'Measure /usr/sbin', 12, 2, 2
);
INSERT INTO policies ( /* 17 */
<em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
<em>Attribute Request</em> PA-TNC attribute. <b>dave</b> is instructed to do a reference
-measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
-measure a couple of individual files and the files in the <b>/bin</b> directory as
+measurement on all files in the <b>/usr/sbin</b> directory. <b>carol</b> is then prompted to
+measure a couple of individual files and the files in the <b>/usr/sbin</b> directory as
well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
<p>
<b>carol</b> passes the health test and <b>dave</b> fails because IP forwarding is
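Review bot: the unchanged last sentence of this paragraph still reads `/etc/tnc_confg`, which looks like a typo for `/etc/tnc_config`; since the paragraph is being edited anyway, fix it in the same change. The bare `<p>` that follows is also inconsistent with the `<p/>` used in the other scenario descriptions.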
pts = 3
}
}
+ plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
+ }
}
libtls {
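Review bot: `max_message_count = 0` in the new `eap-ttls` block is added without any explanation, and in strongSwan 0 means no limit on the number of EAP-TTLS messages processed, not a small cap. Add a comment saying why the scenario needs it (presumably the larger `/usr/sbin` measurement exchange), or set a finite value large enough for the test so the guard stays in place.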
}
}
plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
tnc-imc {
preferred_language = de
}
}
plugins {
eap-ttls {
+ max_message_count = 0
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
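Review bot: in this block `max_message_count = 0` sits next to `phase2_method`, `phase2_piggyback` and `phase2_tnc`, so the message limit is lifted on the side that runs the phase 2 exchange with each client. A bounded value sized for the expected number of measurement messages would keep a ceiling on how long a single client can keep the exchange going, and would still let the scenario pass.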
using EAP-TTLS authentication only with the gateway presenting a server certificate and
the clients doing EAP-MD5 password-based authentication.
<p/>
-In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS
-tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the
-<b>TNCCS 2.0 </b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC
-and OS IMV pair is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b>
+In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS
+tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the
+<b>TNCCS 2.0 </b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC
+and OS IMV pair is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b>
to exchange PA-TNC attributes.
<p/>
<b>carol</b> sends information on her operating system consisting of the PA-TNC attributes
<em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
<em>Attribute Request</em> PA-TNC attribute. <b>dave</b> is instructed to do a reference
-measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
-measure a couple of individual files and the files in the <b>/bin</b> directory as
+measurement on all files in the <b>/usr/sbin</b> directory. <b>carol</b> is then prompted to
+measure a couple of individual files and the files in the <b>/usr/sbin</b> directory as
well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
<p/>
Since the Attestation IMV negotiates a Diffie-Hellman group for TPM-based measurements,
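Review bot: the four removed and four re-added lines at the top of this hunk are textually identical apart from whitespace, so the only substantive change is in the `/usr/sbin` sentence further down. If whitespace cleanup is intended, say so in the commit message; note that `<b>TNCCS 2.0 </b>` still carries a space inside the bold tag, which the same cleanup could remove.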
pts = 3
}
}
+ plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
+ }
}
libtls {
}
}
plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
tnc-imc {
preferred_language = de
}
}
plugins {
eap-ttls {
+ max_message_count = 0
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
using EAP-TTLS authentication only with the gateway presenting a server certificate and
the clients doing EAP-MD5 password-based authentication.
<p/>
-In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS tunnel
+In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS tunnel
to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0</b>
client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS and Attestation IMCs
exchange PA-TNC attributes with the OS IMV via the <b>IF-M 1.0</b> measurement protocol
<em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
<em>Attribute Request</em> PA-TNC attribute. <b>dave</b> is instructed to do a reference
-measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
-measure a couple of individual files and the files in the <b>/bin</b> directory as
+measurement on all files in the <b>/usr/sbin</b> directory. <b>carol</b> is then prompted to
+measure a couple of individual files and the files in the <b>/usr/sbin</b> directory as
well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
<p>
<b>carol</b> passes the health test and <b>dave</b> fails because IP forwarding is
pts = 3
}
}
+ plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
+ }
}
libtls {
}
}
plugins {
+ eap-ttls {
+ max_message_count = 0
+ }
tnc-imc {
preferred_language = de
}
}
plugins {
eap-ttls {
+ max_message_count = 0
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes