Operating System and Software
- Rocky Linux (RHEL)
- 7.x
- 8.x
Problem
- We are looking to apply an
application whitelistingmechanism in RHEL workstations, where users are allowed to run certain binaries, while running anything else is not allowed. For example, trusted applications, let’s say gedit, is allowed, while running applications/scripts that are not whitelisted will be rejected.SELinuxis abehavioral whitelisting, not sure ifApplication whitelistingis feasible. - Is there any mechanism to apply such thing in RHEL? and products in the market you’re aware of that performs something similar?
- Restrict the execution of executable and script.
- Does application server whitelist or control executable and script executor such as
Microsoft Applocker, CLI setups to restrict the execution of executable and script to an approved set and authorised individuals?
How to Fix
There is no such mechanism available in RHEL 6 or 7 for application whitelisting, but there is a new mechanism available for Rocky Linux 8.
For CentOS 7, SELinux is there. Users can write own policy or can use a third-party application and to reach out to the application vendor for supportability.
For Rocky Linux 8 as well SELinux is there and users can write own policy. Or fapolicyd which is the best option and it’s a new feature added in Rocky Linux 8. For more information refer to Blocking and allowing applications using fapolicyd in RHEL chapter.
However, there are so many third-party solutions providing such features for RHEL systems such as antivirus solutions. This link states that the McAfee Application Control is certified with Red Hat but for any support, costumers need to contact the application vendor. As it is third-party it will not be supported by Red Hat.
Although, users can use the third-party applications but Red Hat do not recommend any specific application nor support such applications.