fapolicyd
File Access Policy Daemon
I've configured and tested fapolicyd for Integrity Check (integrity = sha256). The verification steps provided in the document work. Daemon does not allow the execution of a changed binary. However...
Recently in using fapolicyd we've started intermittently seeing denials come up like the following around kworker. Our setup requires us to deny anything not whitelisted at the end per a...
**Issue:** When fapolicyd fails to parse its config file, sees some errors in trust database, or just any kind of error, systemd will fail to load fapolicyd and will still...
I am running fapolicyd (fapolicyd-1.0.2-6.el8.x86_64) on Red Hat Enterprise Linux release 8.5 with the following rules: ```# This rule policy is designed to only block execution of untrusted files #...
We're leveraging fapolicy on ECS nodes, and we've attempted this on fapolicyd-1.0.4 through fapolicyd-1.1.3 Using Amazon Linux 2 running the 5.10 Linux Kernel (as it has all of the necessary...
We have created stable build instructions for fapolicyd (at this time, 1.0.4) on Amazon Linux 2. They will work for the system in FIPS mode, as well as on the...
Good afternoon! We've been able to successfully multiple versions of fapolicyd (on various types of systems, including Amazon Linux, which requires, of course, a 5.x kernel, as mentioned in several...
Hi, fapolicyd currently doesn't handle octal escape sequences in `/proc/mounts`. The `unmangle()` code is basically what util-linux [uses](https://github.com/util-linux/util-linux/blob/153607e20377f60ab9ff026c1a5c0d07f89f49a3/lib/mangle.c#L52) with some checks discarded since we know (or assume, sscanf result isn't...
packages - fapolicyd-dnf-plugin-1.0.3-2.fc34.noarch - fapolicyd-selinux-1.0.3-2.fc34.noarch - fapolicyd-1.0.3-2.fc34.x86_64 I've been testing fapolicyd and have some notes when using default ruleset. Mainly my gripe is about: https://github.com/linux-application-whitelisting/fapolicyd/blob/6ed039f4ec176b0bab96093e505d9f1f5f4ca3f3/init/fapolicyd.rules.known-libs#L37 ### /bin /sbin change if...
This patch allows identifying whether the current rules are still the default ones. If so, the rules are to be updated automatically by rpm. The same applies to package removal....