-
this is a spin off of https://github.com/Azure/login/issues/27
when running
```
az login --service-principal -u $U --tenant $T -p $P
```
the secret is leaked on the command line as known, it i…
-
Hi
I am trying to run fapolicy on eks nodes ( for compliance ) . following https://github.com/linux-application-whitelisting/fapolicyd/issues/180 , i have it it up and running and working.
Howeve…
-
Would it make sense not to define the decision log target in the rules themselves but use a common decision `deny_log` and maybe even `allow_log` and using a general configuration to specify where to …
sopos updated
2 years ago
-
In the fapolicyd.conf(5) man page, we see this text:
```
watch_fs
This is a comma separated list of file systems that should be watched for access permission. No attempt is made t…
-
How would I mark exe=nfsd as trusted? Or if there is a better way. How do I export a filesystem containing a language file?
e.g. `%languages=application/x-bytecode.ocaml,application/x-bytecode.python…
-
Recently in using fapolicyd we've started intermittently seeing denials come up like the following around kworker. Our setup requires us to deny anything not whitelisted at the end per a STIG:
```…
-
We're leveraging fapolicy on ECS nodes, and we've attempted this on fapolicyd-1.0.4 through fapolicyd-1.1.3
Using Amazon Linux 2 running the 5.10 Linux Kernel (as it has all of the necessary plumbi…
-
All the pods are running but registry server is unresponsive at some point after installation.
(no response at `curl https://localhost:8443`)
I have to restart the pods or even have to reboot th…
-
#### Description of problem:
During testing of missing references of rules, a huge list of ospp rules without `ospp` reference has been reported.
List of ospp rules without reference:
- mount_opti…
-
```
rule=16 dec=deny_audit perm=execute auid=-1 pid=9107 exe=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre/bin/java : path=/etc/puppetlabs/puppet/node.rb ftype=text/x-ruby trust=0
r…