Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Anolis OS 8
Services
Application Whitelisting Daemon
Application Whitelisting Daemon
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Application Whitelisting Daemon
1 Rule
Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's
fanotify
interface to determine file access rights.
fapolicyd Must be Configured to Limit Access to Users Home Folders
Medium Severity
fapolicyd needs be configured so that users cannot give access to their home folders to other users.