I am trying to implement Application Control on Red Hat Enterprise Linux (RHEL), but I am running into issues trying to whitelist java files and prevent both new java files and new script files from executing:
a) HOW DO I whitelist .jar and .class java files so that existing Java files are whitelisted, but any new Java .class or .jar files added are prevented from executing on RHEL?
b) HOW DO I prevent new script files from running using their command line script interpreter on RHEL?
Example: If I have a bunch of script files that have "#!/bin/bash" in their header installed on a RHEL system, and then solidify, these scripts are whitelisted.
If I then create a new script file test.sh with #!/bin/bash in its header, Application Control prevents this file from being executed using ./test.sh.
BUT.... it ALLOWS this script to be executed run using bash ./test.sh. HOW DO I PREVENT THIS?
It would appear that the sadmin scripts add [file extension] [executable] command (e.g. sadmin scripts add .jar java for a above AND sadmin scripts add .sh bash for b above) would solve this problem.
But, the sadmin scripts feature does NOT appear to be available on RHEL version of Solidcore (currently using version 6.1.0-9500 on RHEL 5)
How can I go about performing a and b above?