1FAPOLICYD-CLI(1)        System Administration Utilities       FAPOLICYD-CLI(1)
2
3
4

NAME

6       fapolicyd-cli - Fapolicyd CLI Tool
7

SYNOPSIS

9       fapolicyd-cli [options]
10

DESCRIPTION

12       The fapolicyd command line utility is a tool to tell the daemon that it
13       needs to update the trust database. Normally, the  daemon  learns  that
14       the  trust  database needs updating because it uses a dnf plugin to in‐
15       form it. However, you may install an rpm by hand and it can't see  that
16       a system package was installed or updated. Or perhaps the admin updates
17       the fapolicyd.trust file and would like the changes to take effect  im‐
18       mediately.  In either of these cases, you would need to tell the daemon
19       that it needs to do an update by running this command.
20

OPTIONS

22       -h, --help
23              Prints a list of command line options.
24
25       --check-config
26              Opens fapolicyd.conf and parses it to see if there are any  syn‐
27              tax errors in the file.
28
29       --check-path
30              Check  the  PATH  environmental  variable against the trustdb to
31              look for file not in the trustdb which could cause  problems  at
32              run time.
33
34       --check-status
35              Dump the daemon's internal performance statistics.
36
37       --check-trustdb
38              Check  the  trustdb  against  the files on disk to look for mis‐
39              matches that will cause problems at run time.
40
41       --check-watch_fs
42              Check the mounted file systems against the watch_fs daemon  con‐
43              fig  entry  to determine if any file systems need to be added to
44              the configuration.
45
46       -d, --delete-db
47              Deletes the trust database. Normally  this  never  needs  to  be
48              done.  But  if  for  some reason the trust database becomes cor‐
49              rupted, then the only method of recovery is to run this command.
50
51       -D, --dump-db
52              Dumps the trust db contents for inspection. This will print  the
53              original  trust  source,  path, file size, and SHA256 sum of the
54              file as known by the trust source the entry came from.
55
56       -f, --file add|delete|update [path]
57              Manage the file trust database.
58
59              add         This command adds the file  given  by  path  to  the
60                          trust  database. It gets the size and calculates the
61                          required SHA256 hash. If the path is a directory, it
62                          will  walk  the directory tree to the bottom and add
63                          every regular file that it finds.  By  default,  the
64                          path  is  appended to the end of the fapolicyd.trust
65                          file.
66
67              delete      This command deletes all entries that match from the
68                          trust  database.  It  will try to match multiple en‐
69                          tries so that entire directories can be  deleted  in
70                          one  command. To ensure that you only match a direc‐
71                          tory and not a partial name, be  sure  to  end  with
72                          '/'.
73
74              update      This command updates the size and hash of any match‐
75                          ing paths in the file trust database. If no path  is
76                          given, then all files are updated. If an argument is
77                          passed, then only matching paths get updated. If the
78                          intent  is to match against a directory, ensure that
79                          it ends with '/'.
80
81       --trust-file trust-file-name
82              Use after file option. Makes every command of file option  oper‐
83              ate on a single trust file named trust-file-name that is located
84              inside trust.d directory. If a trust file with such a name  does
85              not exist inside trust.d directory, it is created.
86
87       -t, --ftype /path/to/file
88              Prints  the  mime  type  of  the file given. A full path must be
89              specified. This command is intended to help get the ftype param‐
90              eter  of rules correct by seeing how fapolicyd will classify it.
91              Fapolicyd may differ from the file command.
92
93       -l, --list
94              Prints a listing of the fapolicyd rules file with a rule  number
95              to  aid  in  troubleshooting  or understanding of the debug mes‐
96              sages.
97
98       -u, --update
99              Notifies fapolicyd to perform an update of the trust database.
100

SEE ALSO

102       fapolicyd(8),  fapolicyd.rules(5),  fapolicyd.trust(5),   and   fapoli‐
103       cyd.conf(5)
104
105

AUTHOR

107       Zoltan Fridrich
108
109
110
111Red Hat                            Dec 2021                   FAPOLICYD-CLI(1)
Impressum