2.5 Allowlist Authorized Scripts and Report Violations

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

At Level 1, utilize Trusted Execution (TE) to log execution of applications not yet whitelisted. This can be used to update the whitelist (TSD - /etc/security/tsd/tsd.dat) so that, at Profile Level 2, non-listed scripts are actually prevented from executing.

Rationale:

Impact:

As long as the TE policies STOP_UNTRUSTED=OFF and STOP_ON_CHKFAIL=OFF the system will only log missing entries.

Solution

Default Value:

TE=OFF

See Also

https://workbench.cisecurity.org/benchmarks/7851