Specifications
CHAPTER 6 61
When the Software Installation Mode is enabled, any process can load
any kernel modules regardless whether they are in the baseline or not
and any process can change any files in the baseline, whether those files
are protected or not. The real-time scanning is still enabled and it alerts of
any malware found during the installation.
Command Line
For information how to use the Software Installation Mode from the shell,
see “fsims”, 74.
6.4.2 Verify Baseline
Enter your passphrase to verify the baseline. For more information about
the passphrase, see “Passphrase”, 62.
Do not start any other integrity checking processes while the product
verifies the baseline.
You can verify the baseline manually to make sure that your system is
safe and all baselined files are unmodified. If an attacker has managed to
gain a root access to the system and regenerated the baseline, the
regenerated baseline does not match against your passphrase when you
verify the baseline.
6.4.3 Generate Baseline
Integrity Checking is set up by creating a baseline of the system files that
you want to protect.
A default set of system files is added to the Known Files list during the
installation. By default, Kernel Module Verification is enabled during the
installation and the baseline is generated from the Known Files list. If you
IMPORTANT: If you install software without the Software
Installation Mode when Integrity Checking monitors updated files,
you may be unable to install or use the new software. For example,
Integrity Checking may prevent a kernel update from booting
properly as new drivers are not in the baseline.