As part of best practices for cybersecurity, our agency is working to implement fapolicyd, which is a whitelist of executables and libraries that an application/user can access.
This is being put into place not only at my agency but will be something that is implemented at many, if not all, US Government agencies as part of the cyber security envelope. I would like to see that this rules list for Ricoh Process Director be created and offered to your customers, because we do not have the same insight into your application and relevant applications and libraries as your development and security teams.
A summary of fapolicyd is listed below:
File Access Policy Daemon
fapolicyd [options]
fapolicyd is a userspace daemon that determines access rights to files based on a trust database and file or process attributes. It can be used to either blacklist or whitelist file access and execution.
Configuring fapolicyd is done with the files in the /etc/fapolicyd/ directory. There are three files: compiled.rules, fapolicyd.conf, and fapolicyd.trust. The first one contains the access policy, the second determines the daemon's configuration, and the last allows admin defined trusted files.
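
An added illustration, not part of the original request and not Ricoh's code: each admin-defined entry in fapolicyd.trust is one line giving a file's path, size and SHA-256, so a candidate list for an application's install tree can be generated as below. The install directory is a placeholder passed by the caller, and the selection heuristic (any execute bit, or an ELF header) and the handling of paths with whitespace are assumptions.

```python
import hashlib
import os
import stat
import sys

ELF_MAGIC = b"\x7fELF"

def is_candidate(path):
    """True for a regular file that has an execute bit or begins with the ELF magic."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return False  # symlinks, sockets and devices are not hashed
    if st.st_mode & 0o111:
        return True
    with open(path, "rb") as fh:
        return fh.read(4) == ELF_MAGIC  # shared objects are often mode 0644

def trust_line(path):
    """Format one entry as 'path size sha256', hashing the file in chunks."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
            size += len(chunk)
    return f"{path} {size} {digest.hexdigest()}"

def build_trust_entries(root):
    """Walk root and return (entries, skipped) for executables and libraries."""
    entries, skipped = [], []
    for dirpath, _dirs, files in os.walk(os.path.realpath(root)):
        for name in files:
            full = os.path.join(dirpath, name)
            if not is_candidate(full):
                continue
            # Assumption: the entry is whitespace-delimited, so a path with
            # whitespace is reported for manual handling instead of emitted.
            if any(c.isspace() for c in full):
                skipped.append(full)
            else:
                entries.append(trust_line(full))
    return sorted(entries), sorted(skipped)

if __name__ == "__main__":
    lines, odd = build_trust_entries(sys.argv[1])  # placeholder: install dir
    print("\n".join(lines))
    for path in odd:
        print(f"skipped (whitespace in path): {path}", file=sys.stderr)
```

The output is a starting inventory to review before any of it is treated as trusted; entries go stale whenever the application is patched, since size and hash change.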