'[refpolicy] yule'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       refpolicy
Subject:    [refpolicy] yule
From:       konrad.azzopardi () gmail ! com (Konrad Azzopardi)
Date:       2008-11-30 16:17:49
Message-ID: af1a12460811300817w677a1f97xe26ec78734324b63 () mail ! gmail ! com
[Download RAW message or body]

Hi all,

I made some updates, namely added /var/lib/yule , since it seems to be
needed although directory is empty {probably used by extra modules}.

Tnx
Konrad

On Sun, Nov 30, 2008 at 3:31 PM, Konrad Azzopardi
<konrad.azzopardi at gmail.com> wrote:
> Dear all,
>
> I am confining a service called 'yule' , which is the central server
> for the file integrity checker SAMHAIN.
>
> Something about the server :
>
> Binary file is at /usr/local/sbin/yule
> Startup script is at /etc/rc.d/init.d/yule      --
> Config file : /etc/yulerc
> Logfiles /var/log/yule(/.*)?
> PID file is at /var/run/yule.pid
>
> It optionally uses mysql and I have put this as a boolean. I would
> appreciate if somebody review the files and give me some feedback to
> know if i am on the right track.
>
> I have only one question....When I issue a stop by  /etc/init.d/yule stop
> I get all sorts of avc denials, however the daemon still stops. From
> the avc denials and also via an strace it is evident that the stop
> script is somehow doing a search in all proc directory. What is the
> best thing to do here ? Allowing search to all types in /proc or make
> a dontaudit and in both cases is there a macro that captures all types
> inside /proc {don't think so}.
>
> Many thanks for your help
> Konrad
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.fc
Type: application/octet-stream
Size: 501 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/d20b20e5/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.if
Type: application/octet-stream
Size: 1612 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/d20b20e5/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.te
Type: application/octet-stream
Size: 2466 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/d20b20e5/attachment-0002.obj 

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic