MedDevSecGuru987 closed this 2 years ago
Does fapolicyd-cli --check-trustdb do what you want? Note, not all files in the rpm database are kept since documents pose no real threat.
Yes, that helps, thanks. I'm waiting for the day when the RHEL DISA STIG recommends fapolicyd for integrity checking instead of AIDE.
OK. Glad that helps. Closing this out.
I've configured and tested fapolicyd for Integrity Check (integrity = sha256). The verification steps provided in the document work. The daemon does not allow the execution of a changed binary. However, the daemon does not detect changes in the file. I'm looking for functionality similar to Red Hat AIDE (aide --check). We're using Red Hat 8.6 (fapolicyd-1.1-6.el8_6.1.x86_64).
The latest DISA STIG recommends both fapolicyd and AIDE. We feel this is an overhead. Are there any plans to provide change-detection functionality in fapolicyd?
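The distinction discussed in this thread (blocking a changed binary at execution time versus reporting the change on demand, as `aide --check` does) can be illustrated with an on-demand verifier. This is an added example, not fapolicyd's code and not part of the original thread: it assumes trust entries arrive as text lines of the form `<source> <path> <size> <sha256>` (an assumed layout for a trust database dump), and the function names are hypothetical.

```python
import hashlib
import os
import sys


def sha256_of(path, bufsize=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_entry(line):
    """Split '<source> <path> <size> <sha256>' (assumed layout); the path may contain spaces."""
    source, rest = line.rstrip("\n").split(" ", 1)
    path, size, digest = rest.rsplit(" ", 2)
    return source, path, int(size), digest.lower()


def check_entries(lines):
    """Return (path, reason) for every trust entry that no longer matches the file on disk."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        try:
            _, path, size, digest = parse_entry(line)
        except ValueError:
            findings.append((line.strip(), "unparseable"))
            continue
        try:
            if os.stat(path).st_size != size:
                findings.append((path, "size"))      # cheap check first
            elif sha256_of(path) != digest:
                findings.append((path, "sha256"))    # same size, different content
        except FileNotFoundError:
            findings.append((path, "missing"))
        except OSError:
            findings.append((path, "unreadable"))
    return findings


if __name__ == "__main__":
    # Reads trust entries from stdin and prints one finding per line.
    for path, reason in check_entries(sys.stdin):
        print(f"{reason}\t{path}")
```
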