From 5637dfca52fb93bbbb78925ba1829c5a49490cfd Mon Sep 17 00:00:00 2001 From: Milan Lysonek Date: Thu, 6 Apr 2023 11:43:19 +0200 Subject: [PATCH] No remediation warning for fapolicy_default_deny --- .../guide/services/fapolicyd/fapolicy_default_deny/rule.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml index 52c640e858b..c2de306f60e 100644 --- a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml +++ b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml @@ -74,3 +74,7 @@ fixtext: |- permissive = 0 srg_requirement: 'The {{{ full_name }}} fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.' + +warnings: + - general: + This rule doesn't come with a remediation. Before remediating the system administrator needs to create an allowlist of authorized software.