Keep Packages Coherent
Customize how your workloads are hardened
By default, RapidFort will remove all unused files and packages during hardening.
One way to customize this is by using the hardening option --keep-pkgs-coherent, which keeps all package files for packages with at least one used executable file and helps maintain the integrity of packages.

Tutorial: Keep Packages Coherent

Part 1: Generate and exercise the stub image

Step 1.1: Pull the Debian Docker image
docker pull debian:latest
Step 1.2: Generate a stub image
rfstub debian:latest
Step 1.3: Run the stub image
docker run --rm -dt --name=rf-test --cap-add=SYS_PTRACE debian:latest-rfstub
Step 1.4: Test the stub image
Executing this command in the stub image will ensure that ‘ls -lrta’ is preserved, so we can use it to verify files in our hardened image later.
docker exec -it rf-test bash -c "ls -lrta; echo testing"
Step 1.5: Stop the running instance
docker stop rf-test

Part 2: Harden with --keep-pkgs-coherent

Step 2.2: Harden with --keep-pkgs-coherent

rfharden --keep-pkgs-coherent debian:latest-rfstub
Step 2.3: Verify package files in hardened image
Follow the User Interface to Packages>In Use. Since at least 1 file from ‘libpcre 2-8-0’ was used, keeping packages coherent will have kept all of its files. Run the following to verify that this package has had its files preserved.
docker run --rm -it debian:latest-rfhardened bash -c "ls -lrta usr/share/doc/libpcre2-8-0/copyright"
This should return usr/share/doc/libpcre2-8-0/copyright.

Part 3: Harden without --keep-pkgs-coherent

Step 3.1: Harden without --keep-pkgs-coherent

rfharden debian:latest-rfstub

Step 3.2: Verify package files are not in hardened image

Run the following to verify that the libpcre2-8-0 package has had some of its files removed.
docker run --rm -it debian:latest-rfhardened bash -c "ls -lrta usr/share/doc/libpcre2-8-0/copyright"
This should return No such file or directory.

Step 3.3: Verify package files are in hardened image

Run the following to verify that the libpcre2-8.so.0.10.1 package has had some of its files preserved.
docker run --rm -it debian:latest-rfhardened bash -c "ls -lrta /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.1"
This should return /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.1.