Linux System Utilities for Signing
The following table includes recommendations on the system and file system specific utilities for inclusion in the signature set to allow or deny root execution.
EXT Utilities | Deny/Allow | XFS | Deny/Allow | Generic Utilities | Deny/Allow |
---|---|---|---|---|---|
badblock |
Allow | fsck.xfs |
Allow | mount |
Allow |
debugfs |
Deny | mkfs.xfs |
Allow | umount |
Allow |
e2freefrag |
Allow | xfs_repair |
Allow | dmsetup |
Allow |
e2fsck |
Allow | xfs_admin |
Allow | ||
e2image |
Allow | xfs_bmap |
Allow | ||
e2label |
Allow | xfs_check |
Allow | ||
e2undo |
Allow | xfs_copy |
Deny | ||
filefrag |
Allow | xfs_db |
Deny | ||
fsck.ext2 |
Allow | xfs_estimate |
Allow | ||
fsck.ext3 |
Allow | xfs_freeze |
Allow | ||
fsck.ext4 |
Allow | xfs_fsr |
Allow | ||
logsave |
Allow | xfs_growfs |
Allow | ||
mke2fs |
Allow | xfs_info |
Allow | ||
mkfs.ext2 |
Allow | xfs_logprint |
Allow | ||
mkfs.ext3 |
Allow | xfs_mdrestore |
Allow | ||
mkfs.ext4 |
Allow | xfs_metadump |
Allow | ||
resize2fs |
Allow | xfs_mkfile |
Deny | ||
tune2fs |
Allow | xfs_ncheck |
Allow |