forked from linux-application-whitelisting/fapolicyd
ChangeLog
1.3.3
- Add RuntimeDirectory to the systemd service file
1.3.2
- Remove LimitNOFILE and instead setrlimit more carefully
- Sync q_size to the documentation
- Fix multiple memory leaks
1.3.1
- Fix not complete patch for filter file renaming
1.3
- Be consistent in updating and removing file system marks
- Add escaping to /proc/mount entries
- Revise escaping of trust files
- Add LimitNOFILE to the service file
- Add dpkg support (Stephen Tridgell)
- Add support for runtime reloading of rules
1.2
- On shutdown when running reports, if trust db empty warn (Nobuhiro Iwamatsu)
- Extend state machine to skip opens after exec until dyn linker found
- Control filtering of unwanted files in rpm backend with config file
- Add support for logging rule number of decision in the audit event
1.1.7
- Re-add dropped FAN_MARK_MOUNT for monitoring events (Steven Brzozowski)
- Make some updates to allow running successfully without an rpm backend
1.1.6
- Correct the optional inclusion of code based on HAVE_DECL_FAN_MARK_FILESYSTEM
1.1.5
- If in debug mode, do not write audit events to audit system
- Update filesystems we don't care about
- Add --check-path to fapolicyd-cli to locate missed files
- Detect trusted static apps running programs by ld.so
- Add support for using FAN_MARK_FILESYSTEM to see bind mounted accesses
1.1.4
- Fix descriptor leak on enqueue failure (Steven Brzozowski)
- Switch SHA256 hashing to openssl
- Add --check-status to fapolicyd-cli
- If fapolicyd is already running, exit
- Do trust db size check on all fapolicyd updates
- Add bash completions
1.1.3
- Replace snprintf integer to char conversion with uitoa function
- Update the locking between the main and decision threads
- Speedup sha256 hashing by mmap'ing the object
- Add OOMScoreAdjust to fapolicyd.service
1.1.2
- Release the update lock if starting trust db read operations errors
- CVE-2022-1117 fapolicyd incorrectly detects the run time linker
- Add the btrfs to the watch_fs config option
- Fix a problem tracking trusted static apps that launch other apps
1.1.1
- Reorder patterns and loopholes in rule.d
- Add support for subject ppid rule matching
- Add support for reloading the trust database from SIGHUP
1.1
- Add support for a rules.d directory
- Add --check-config, --check-watch_fs, and --check-trustdb to fapolicyd-cli
- Add libgcrypt initialization
- Break up all the rules so they can be installed in rules.d
- Add text/x-nftables magic
- Add interpreter for s390x, ppc64le
1.0.4
- Tighten up ELF detection
- Add support for multiple trust files in a trust.d directory
- Add troubleshooting info for when the trust db is full
- In permissive mode, allow audit events when rules say to log it
- Add new rpm_sha256_only config option to the daemon
- Escape whitespaces in file names put into the file trust database
1.0.3
- Add startup and shutdown syslog message
- fapolicyd-cli open trustdb without locking to prevent daemon hang
- If db migration fails due to unlinking problem, fail startup
- Do not exit on fanotify_event read failure
- Add application/javascript to Language macro
1.0.2
- Add Group ID support for rules
- Add test cases for avl library
- Update support for multiple copies of a trusted executable
- Add support for dynamic trust updating
1.0.1
- If trust db is empty when fapolicyd-cli dumps it, say it's empty
- Make fapolicyd-cli buffer bigger for rule listing
- Fix ignored db errors from check_trust_database
- Adjust ELF x-object detection
- Do device mime-type detection in-house instead of libmagic
- Allow arbitrarily large group statements
- Fix logging of object trust
- Correct denial accounting
- Add new form of LD_PRELOAD pattern detection
- Fix mount reading routine to get it all
- Update languages kept from /usr/share
1.0
- Add file size, IMA, and sha256 based integrity checking
- Add ability to send decision results to syslog
- Add ability to define the format of the syslog event
- Add support for sets in rules
- Add support for dumping the trustdb by fapolicyd-cli
- Print a warning if rpm backend doesn't have a sha256 hash
- In rpm backend, add back javascript from /usr/share
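The rules.d directory (1.1), sets in rules (1.0) and the rule number reported with each decision (1.2) together describe how a compiled rule set is evaluated: files are concatenated in sorted-name order, sets expand inside a rule, and the first matching rule wins. The following Python is an added illustration, not fapolicyd code. The grammar subset (decision, perm=, exe=, trust=, ftype=, path=, "all", and " : " between subject and object), the deny-on-no-match fallback, and the names load_rules_d, evaluate and run_demo are this example's own assumptions; the rule files and events are constructed in a temporary directory. Check the fapolicyd.rules man page for the real grammar.

```python
"""Added example, not fapolicyd project code: a first-match rules.d evaluator.

Assumed here: a rule is "decision perm=... <subject> : <object>", "%name=a,b"
defines a set that later "field=%name" tokens expand to, files load in
sorted-name order, and no matching rule means deny.
"""
import os
import tempfile

DECISIONS = {"allow", "deny", "allow_audit", "deny_audit",
             "allow_syslog", "deny_syslog", "allow_log", "deny_log"}

def _expand(value, sets):
    if value.startswith("%"):
        return set(sets[value[1:]])          # KeyError: set used before it was defined
    return set(value.split(","))

def _parse_fields(text, sets):
    fields = {}
    for tok in text.split():
        if tok != "all":                     # "all" imposes no constraint
            key, _, value = tok.partition("=")
            fields[key] = _expand(value, sets)
    return fields

def parse_rule(line, sets):
    head, sep, obj = line.partition(" : ")
    if not sep:
        raise ValueError(f"missing ' : ' in rule: {line}")
    decision, _, subj_text = head.partition(" ")
    if decision not in DECISIONS:
        raise ValueError(f"unknown decision {decision!r} in rule: {line}")
    subject = _parse_fields(subj_text, sets)
    return {"decision": decision, "perm": subject.pop("perm", {"any"}),
            "subject": subject, "object": _parse_fields(obj, sets), "text": line}

def load_rules_d(rules_dir):
    """Concatenate *.rules files in sorted-name order, as fagenrules compiles rules.d."""
    rules, sets = [], {}
    for fname in sorted(f for f in os.listdir(rules_dir) if f.endswith(".rules")):
        with open(os.path.join(rules_dir, fname)) as fh:
            for line in (l.strip() for l in fh):
                if not line or line.startswith("#"):
                    continue
                if line.startswith("%"):            # set definition
                    set_name, _, values = line[1:].partition("=")
                    sets[set_name] = set(values.split(","))
                else:
                    rules.append(parse_rule(line, sets))
    return rules

def _matches(wanted, event):
    """Every constrained field must be present on the event and inside the rule's value set."""
    return all(str(event.get(k)) in v for k, v in wanted.items())

def evaluate(rules, perm, subject, obj):
    """First matching rule wins; returns (decision, 1-based rule number), ("deny", 0) if none."""
    for number, rule in enumerate(rules, start=1):
        if "any" not in rule["perm"] and perm not in rule["perm"]:
            continue
        if _matches(rule["subject"], subject) and _matches(rule["object"], obj):
            return rule["decision"], number
    return "deny", 0

LANG_RULES = """\
%lang=text/x-python,text/x-shellscript
# only the interpreter may open trusted scripts; any other use of a script is denied
allow perm=open exe=/usr/bin/python3 trust=1 : ftype=%lang trust=1
deny_audit perm=any all : ftype=%lang
"""
TRUSTED_RULES = "allow perm=any trust=1 : trust=1\n"
CATCH_ALL = "deny_audit perm=any all : all\n"

def _write_rules_dir(files):
    root = tempfile.mkdtemp(prefix="rules.d-")
    for fname, body in files.items():
        with open(os.path.join(root, fname), "w") as fh:
            fh.write(body)
    return root

def run_demo():
    """Constructed events against a well-ordered and a mis-ordered rules.d."""
    python3, bash = {"exe": "/usr/bin/python3", "trust": 1}, {"exe": "/usr/bin/bash", "trust": 1}
    script_t = {"path": "/usr/lib/python3/site.py", "ftype": "text/x-python", "trust": 1}
    script_u = {"path": "/tmp/x.py", "ftype": "text/x-python", "trust": 0}
    bin_t = {"path": "/usr/bin/ls", "ftype": "application/x-executable", "trust": 1}
    bin_u = {"path": "/tmp/evil", "ftype": "application/x-executable", "trust": 0}
    good = load_rules_d(_write_rules_dir({"10-languages.rules": LANG_RULES,
                                          "20-trusted.rules": TRUSTED_RULES,
                                          "90-deny.rules": CATCH_ALL}))
    # naming the catch-all 05-deny.rules sorts it first: it becomes rule 1 and shadows the rest
    bad = load_rules_d(_write_rules_dir({"05-deny.rules": CATCH_ALL,
                                         "10-languages.rules": LANG_RULES,
                                         "20-trusted.rules": TRUSTED_RULES}))
    return {
        "interp_opens_trusted_script": evaluate(good, "open", python3, script_t),
        "shell_opens_untrusted_script": evaluate(good, "open", bash, script_u),
        "trusted_exec": evaluate(good, "execute", bash, bin_t),
        "untrusted_exec": evaluate(good, "execute", bash, bin_u),
        "misordered_catch_all": evaluate(bad, "open", python3, script_t),
    }
```

The rule number returned by evaluate is the position in the concatenated set, which is why it is useful in an audit event: it points at one line of compiled output, and a renamed file in rules.d (the 05-deny.rules case) changes both the numbering and the outcome.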
0.9.4
- Fix pattern detection in light of EXEC_PERM events
- Conserve memory by dropping unneeded lists after startup
- Do full reset of subject credentials when execve finishes
- Drop files in /usr/share, /usr/src, and /usr/include to reduce memory use
- Add error checking of the trust database
- Fixed threading issue during rpm update
- Add option to delete the trust database to cli, --delete-db
- Add option to cli to add/delete/update the file trust database
0.9.3
- In fapolicyd-cli, add a --list option to list rules
- Change lmdb to use writable mmap for startup performance improvement
- Change the database to support duplicate keys
- Provide a magic override file and use it during file inspection
- Update rules to match new magic overrides
- Add --ftype command to fapolicyd-cli
- Add database statistics to usage report
0.9.2
- Split codebase into daemon, library and cli
- Add Admin defined trust database
- Make use of librpm optional
- Updated the man pages
- Setting boost, queue, user, and group on the command line are deprecated
0.9.1
- Make watched filesystems configurable
- Improve ELF file classification
- Expose file type in debug output
- Update rules for ansible and dracut
- Skip config files in database check
- Expand definition of doc files
- Create new rule format exposing Subj and Obj trust
- Redesign the rules for trust based rules
0.9
- Convert hashes to lowercase like sha256sum outputs
- Use FAN_OPEN_EXEC_PERM for subject cache management
- Add static pattern detection
- Performance improvements
- Switch from static mounts to hotplug configuration of mount points
- Don't collect documentation in trust database
- When path is longer than lmdb can store, use a sha512 hash (Attila Lakatos)
- Cache subject trustworthiness information after lookup (Radovan Sroka)
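Several entries above touch the same mechanism: the trust database stores a size and sha256 per file and checks integrity by size or by hash (1.0), file names with whitespace are escaped in the trust file (1.0.4), hashing goes through an mmap of the object (1.1.3) and digests are lowercase like sha256sum output (0.9). The following Python is an added illustration of those pieces working together, not fapolicyd code. The "path size sha256" line layout, the backslash escaping of spaces, and the names check_trust and run_demo are this example's assumptions (the project's format is documented in the fapolicyd.trust man page); the sample files are constructed in a temporary directory.

```python
"""Added example, not fapolicyd project code: check a trust list against disk.

Assumed format (the project's own rules are in the fapolicyd.trust man page):
one "path size sha256" entry per line, "#" comments, and spaces inside a path
escaped shell-style as "\\ ".
"""
import hashlib
import mmap
import os
import tempfile

def split_escaped(line):
    """Split on unescaped whitespace, dropping the backslash of "\\ " and "\\\\"."""
    fields, cur, esc = [], [], False
    for ch in line:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch.isspace():
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        fields.append("".join(cur))
    return fields

def escape_path(path):
    """Inverse of split_escaped for a single field (assumed convention)."""
    return path.replace("\\", "\\\\").replace(" ", "\\ ")

def sha256_mmap(path):
    """Hash through a read-only mapping rather than a read() loop.

    A zero-length file cannot be mapped (mmap raises ValueError), so it is
    hashed as b"". The result is lowercase hex, the form sha256sum prints.
    """
    with open(path, "rb") as f:
        if os.fstat(f.fileno()).st_size == 0:
            return hashlib.sha256(b"").hexdigest()
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
            return hashlib.sha256(m).hexdigest()

def format_entry(path):
    return f"{escape_path(path)} {os.path.getsize(path)} {sha256_mmap(path)}"

def check_trust(trust_text, integrity="sha256"):
    """Map each entry to ok / missing / size-mismatch / hash-mismatch / malformed.

    integrity="size" compares only sizes, which cannot see a same-length edit;
    integrity="sha256" also compares digests (lowercased before comparing).
    """
    results = {}
    for raw in trust_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_escaped(line)
        if len(fields) != 3 or not fields[1].isdigit():
            results[line] = "malformed"
            continue
        path, size, digest = fields[0], int(fields[1]), fields[2].lower()
        if not os.path.isfile(path):
            results[path] = "missing"
        elif os.path.getsize(path) != size:
            results[path] = "size-mismatch"
        elif integrity == "sha256" and sha256_mmap(path) != digest:
            results[path] = "hash-mismatch"
        else:
            results[path] = "ok"
    return results

def run_demo():
    """Create two constructed files, list them, tamper, and re-check both ways."""
    root = tempfile.mkdtemp(prefix="trust-demo-")
    app = os.path.join(root, "my app")    # space in the name exercises escaping
    empty = os.path.join(root, "empty")   # zero-length file exercises the mmap edge case
    with open(app, "wb") as f:
        f.write(b"hello")
    open(empty, "wb").close()
    trust = "# constructed trust list\n" + format_entry(app) + "\n" + format_entry(empty) + "\n"
    before = check_trust(trust)
    with open(app, "wb") as f:
        f.write(b"jello")                 # same size, different content
    os.remove(empty)
    return before, check_trust(trust, "sha256"), check_trust(trust, "size"), app, empty
```

The size-only pass reports the edited "my app" as ok because its length did not change; only the sha256 pass catches it, which is the practical difference between the two integrity settings. The empty file is the case an mmap-based hasher must special-case, since mapping a zero-length file fails.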
0.8.10
- Fix segfault for rules whose subject is number oriented
- When database problem is found on startup, rebuild database
- Don't flush empty caches on database rebuild
- Revise default settings for better performance
0.8.9
- Systemd usage updates
- File permission adjustments based on selinux policy review
- Fix unterminated reads of auid & sessionid values
- Deprecate ld_preload pattern until new method exists
0.8.8
- Add FAN_OPEN_EXEC_PERM Support (Matthew Bobrowski)
- Man page updates
- Add dnf plugin to sync database when rpms install
0.8.7
- If the path has a top level symlinked dir, retry db lookup without /usr
- Fix parsing of command line options (Matthew Bobrowski)
- Add more validation of mount types (Matthew Bobrowski)
- Elf parser updates (Matthew Bobrowski)
0.8.6
- Update object hash calculation to better determine uniqueness
- Override rpm's signal handling
- Use private database as trust store
- Update the rules for python 3.6 and remove systemd exclusion
- Rename exec_dir rule option unpackaged to untrusted
- Remove unneeded rpm code
- Add support for daemon config file
- Allow database size to be configurable
- Add permissive setting, q_size, and q_depth to usage report
0.8.5
- Update spec file and license info
0.8.4
- Mask signals from deadman's switch
- Reinstate strong umask before writing report
- Use pw_gid to set the group when changing gid
- Allow the use of account names for auid & uid in rules
- Support group option on command line
0.8.3
- Add audit support for the linux-4.15 kernel
- Don't close report descriptor in report
- Fix busy loop to use poll as originally intended
- Relax timing on deadman's switch
0.8.2
- Add seccomp filter support
- Fix leaked descriptor in exe_type processing
- Add LRU cache for subject and objects
- Create fapolicyd user on install
- Update systemd service file to run as user fapolicyd
- Adjust inter-thread queue default size
- Write statistics on shutdown
- Change attribute access to hash table
- Deny access to stale pids or fds
- Add new pattern subject detection
- Add executable report on shutdown
- Add --no-details to suppress file/exe names on shutdown report
0.8.1
- Documentation updates
- Update rules
- Output how many rules are loaded in debug mode
- Add user commandline option
0.8
- Initial public release