Chapter 1. Introduction to fapolicyd
The fapolicyd
software framework controls the execution of applications based on a user-defined policy. This is one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. For more information, refer to Blocking and allowing applications by using fapolicyd in the Security hardening guide for RHEL 9.
The procedures described below put all detected SAP HANA executables into fapolicyd
trust files, which contain all names, sizes, and checksums of trusted files. SAP HANA binaries and shell scripts can only be executed if they are contained in the fapolicyd
trust files. So, if you execute SAP HANA binaries or shell scripts that are not contained in the fapolicyd
trust files, undesirable effects, including corruption or loss of data, could happen. You must carefully test all the steps and do proper verification on a non-production system first.