Whitelisting packages

Package whitelisting serves as a security measure to control which packages and classes are allowed to be loaded and executed within an application. This can help make sure authorized code from running within the application.

Whitelisting packages in RPM

To whitelist packages in RPM

  1. Go to /usr/local/openiam/services.
  2. Modify start.sh.
  3. Add the following argument there.

You may need to do it for the script connector if you use extra packages in connector groovy scripts. Hence, the same should be done for start.sh in /usr/local/openiam/connectors.

Redeploy service to apply the change.

Whitelisting packages in Docker Compose

To whitelist packages in docker compose

  • Go to the yaml file of the service and change the following line in them.

To apply the changes, redeploy service, for example by restarting it.

Whitelisting packages in Kubernetes

To whitelist packages in Kubernetes

  • Use variables in terraform script to add following arguments for the services for which you want to whitelist packages.

An example of whitelisting procedure for java.io package is given in the document by the link.