fapolicyd

Integrity Check - Fapolicyd Vs AIDE

Open MedDevSecGuru987 opened this issue 3 years ago • 1 comments

I've configured and tested fapolicyd for Integrity Check (integrity = sha256). The verification steps provided in the document work. The daemon does not allow the execution of a changed binary. However, the daemon does not detect changes in the file. I'm looking for functionality similar to Red Hat AIDE (aide --check). We're using Red Hat 8.6 (fapolicyd-1.1-6.el8_6.1.x86_64).

The latest DISA STIG recommends both fapolicyd and AIDE. We feel this is an overhead. Are there any plans to provide change-detection functionality in fapolicyd?

MedDevSecGuru987 Aug 15 '22 13:08

Does fapolicyd-cli --check-trustdb do what you want? Note, not all files in the rpm database are kept since documents pose no real threat.

stevegrubb Aug 16 '22 11:08

Yes, that helps. Thanks. I'm waiting for the day when the RHEL DISA STIG recommends fapolicyd for integrity check instead of AIDE.

MedDevSecGuru987 Aug 19 '22 18:08

OK. Glad that helps. Closing this out.

stevegrubb Aug 20 '22 13:08