13.5. Enabling fapolicyd integrity checks

PDF

By default, fapolicyd does not perform integrity checking. You can configure fapolicyd to perform integrity checks by comparing either file sizes or SHA-256 hashes. You can also set integrity checks by using the Integrity Measurement Architecture (IMA) subsystem.

Conditions préalables

The fapolicyd framework is deployed on your system.

Procédure

Open the /etc/fapolicyd/fapolicyd.conf file in a text editor of your choice, for example:
```
# vi /etc/fapolicyd/fapolicyd.conf
```
Change the value of the integrity option from none to sha256, save the file, and exit the editor:
```
integrity = sha256
```
Restart the fapolicyd service:
```
# systemctl restart fapolicyd
```

Vérification

Back up the file used for the verification:
```
# cp /bin/more /bin/more.bak
```
Change the content of the /bin/more binary:
```
# cat /bin/less > /bin/more
```

Use the changed binary as a regular user:

# su example.user
$ /bin/more /etc/redhat-release
bash: /bin/more: Operation not permitted

Revert the changes:
```
# mv -f /bin/more.bak /bin/more
```

13.5. Enabling fapolicyd integrity checks

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links