Releases: linux-application-whitelisting/fapolicyd
fapolicyd-1.1.3
This release is focused on performance improvements. Also, a setting for OOMScoreAdjust was added to the service file.
fapolicyd-1.1.2
This is a security update release. It fixes CVE-2022-1117, in which fapolicyd incorrectly detects the run time linker. It also adds btrfs to the watch_fs config option and fixes a problem tracking trusted static apps that launch other apps.
fapolicyd-1.1.1
This release adds support for reloading the trust database via SIGHUP and for using ppid as a subject attribute. Most importantly, it corrects the ordering of 2 categories of rules from the 1.1 release: loopholes were moved earlier and are now the 20- rules, and patterns were moved later to be the 30- rules. Anyone who deployed the 1.1 release should carefully look at their rules and realign them to 1.1.1's version.
fapolicyd-1.1
This release adds support for a rules.d directory. This is where all rules should be placed from now on. Several new diagnostic capabilities were added to the cli program. Look in the man page for the --check options. The magic file was also updated for new detections.
fapolicyd-1.0.4
This release improves ELF file detection, adds support for multiple trust files in a trust.d directory, allows audit events in permissive mode when rules say to log them, adds the rpm_sha256_only config option to the daemon, and escapes whitespace in file names put into the file trust database.
fapolicyd-1.0.3
This is a minor release with some code cleanups. It keeps typescript files in /usr/share, allows application/javascript in the default rules, and fixes startup migration of the trustdb.
fapolicyd-1.0.2
This release adds Group ID support for rules and lays the groundwork for an rpm plugin that will update the trust db during rpm install.
fapolicyd-1.0.1
This release allows proper listing of rules, corrects syslog logging of access, allows arbitrarily large group statements, includes more file types from /usr/share, and updates the rules based on the file types. LD_PRELOAD pattern detection was re-instated.
fapolicyd-1.0
This release makes fapolicyd feature complete for all the initial goals. What's new with this release is that it now has 3 integrity modes: file size, IMA, and sha256 based. It can now send event information to syslog, and the syslog event information can be tailored to how you'd like to see it. There is now the ability to create sets of words that can be matched against in the rules engine. There are now 2 policies shipped: known-libs and restrictive. fapolicyd-cli can now dump the trust db for inspection. And since the integrity system needs sha256 hashes, it will print a warning for files in rpms that do not have them.
fapolicyd-0.9.4
This release polishes up the pattern detection engine. Because of this correction, fapolicyd can only work on kernels that have FANOTIFY_OPEN_EXEC_PERM support. The rpm backend now drops most of the files in /usr/share/ to dramatically reduce memory consumption and improve startup speed. There were various code improvements to make the daemon more robust. And the command-line utility can now delete the lmdb trust database and manage the file trust source.