summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/source/config.rst2
-rw-r--r--doc/source/features.rst3
2 files changed, 5 insertions, 0 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index cf24b10..85e9da5 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -264,6 +264,8 @@ The whitelist comes before the black one: if a function is both whitelisted and
264blacklisted, it'll be allowed. 264blacklisted, it'll be allowed.
265 265
266 266
267.. _virtual-patching-config:
268
267Virtual-patching 269Virtual-patching
268---------------- 270----------------
269 271
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 8ecf57d..86b81fd 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -273,6 +273,9 @@ disable them - at the risk of breaking critical features.
273 273
274Snuffleupagus allows the user to restrict usage of specific functions per file, or per 274Snuffleupagus allows the user to restrict usage of specific functions per file, or per
275file with a matching (sha256) hash, thus allowing the use of such functions **only** in the intended places. 275file with a matching (sha256) hash, thus allowing the use of such functions **only** in the intended places.
276It can also restrict per `CIDR <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__,
277to restrict execution to users on the LAN for example. There are a *lot*
278of different filters, so make sure to read the :ref:`corresponding documentation <virtual-patching-config>`.
276 279
277Furthermore, running the `following script <https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`_ will generate an hash and line-based whitelist 280Furthermore, running the `following script <https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`_ will generate an hash and line-based whitelist
278of dangerous functions, droping them everywhere else: 281of dangerous functions, droping them everywhere else: