55 lines
3.1 KiB
Diff
55 lines
3.1 KiB
Diff
|
diff -urp fapolicyd-0.9.5.orig/doc/fapolicyd.conf.5 fapolicyd-0.9.5/doc/fapolicyd.conf.5
|
||
|
--- fapolicyd-0.9.5.orig/doc/fapolicyd.conf.5 2020-05-22 10:03:14.000000000 -0400
|
||
|
+++ fapolicyd-0.9.5/doc/fapolicyd.conf.5 2020-05-22 10:04:32.583100229 -0400
|
||
|
@@ -55,26 +55,6 @@ This is a comma separated list of file s
|
||
|
This is a comma separated list of trust back-ends. If this is not configured, rpmdb is default. Fapolicyd supports \fBfile\fP back-end that reads content of /etc/fapolicyd/fapolicyd.trust and use it as a list of trusted files. The second option is \fBrpmdb\fP backend that generates list of trusted files from rpmdb.
|
||
|
|
||
|
.TP
|
||
|
-.B integrity
|
||
|
-This option tells fapolicyd which integrity strategy it should use. It can be one of 4 values:
|
||
|
-.RS
|
||
|
-.TP 12
|
||
|
-.B none
|
||
|
-This is the
|
||
|
-.IR default
|
||
|
-and does no integrity checking.
|
||
|
-.TP
|
||
|
-.B size
|
||
|
-Selecting this option will compare the size of the file with what it was knows to be. This is better than nothing and very fast since fapolicyd already collects size information during normal processing. However, an attacker could replace the file and as long as the size matches, it will not be detected.
|
||
|
-.TP
|
||
|
-.B ima
|
||
|
-Selecting this option will use a SHA256 hash that the IMA subsystem places in a file's extended attributes in addition to the size check. This means that all file systems holding executable code must support extended attributes.
|
||
|
-.RE
|
||
|
-.TP
|
||
|
-.B sha256
|
||
|
-Selecting this option will calculate a SHA256 hash by cryptographic means. A size check will also be performed.
|
||
|
-
|
||
|
-.TP
|
||
|
.B syslog_format
|
||
|
This option controls how the output from the access decision is formatted. The format is a comma separated list of subject and object names from the rules. It does not allow the keyword "all". It also allows for rule, dec, and perm. The format must include a semi-colon to deliniate subject from object keywords. The typical use is to place information about the access decision, then subject information, a colon, and the object information. Also note that the more things being logged, the more it will impact system performance. Also, the event written is limited to 512 bytes.
|
||
|
|
||
|
diff -urp fapolicyd-0.9.5.orig/init/fapolicyd.conf fapolicyd-0.9.5/init/fapolicyd.conf
|
||
|
--- fapolicyd-0.9.5.orig/init/fapolicyd.conf 2020-05-22 10:03:14.000000000 -0400
|
||
|
+++ fapolicyd-0.9.5/init/fapolicyd.conf 2020-05-22 10:04:46.801098703 -0400
|
||
|
@@ -15,5 +15,4 @@ subj_cache_size = 1549
|
||
|
obj_cache_size = 8191
|
||
|
watch_fs = ext2,ext3,ext4,tmpfs,xfs,vfat,iso9660
|
||
|
trust = rpmdb,file
|
||
|
-integrity = none
|
||
|
syslog_format = rule,dec,perm,auid,pid,exe,:,path,ftype
|
||
|
diff -urp fapolicyd-0.9.5.orig/src/daemon/daemon-config.c fapolicyd-0.9.5/src/daemon/daemon-config.c
|
||
|
--- fapolicyd-0.9.5.orig/src/daemon/daemon-config.c 2020-05-22 10:03:14.000000000 -0400
|
||
|
+++ fapolicyd-0.9.5/src/daemon/daemon-config.c 2020-05-22 10:05:35.103093520 -0400
|
||
|
@@ -538,9 +538,9 @@ static int trust_parser(const struct nv_
|
||
|
static const struct nv_list integrity_schemes[] =
|
||
|
{
|
||
|
{"none", IN_NONE },
|
||
|
- {"size", IN_SIZE },
|
||
|
+/* {"size", IN_SIZE },
|
||
|
{"ima", IN_IMA },
|
||
|
- {"sha256", IN_SHA256 },
|
||
|
+ {"sha256", IN_SHA256 }, */
|
||
|
{ NULL, 0 }
|
||
|
};
|
||
|
|