[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Policy file for 'aide' and/or 'tripwire'?
From: Valdis.Kletnieks () vt ! edu
Date: 2004-04-27 17:52:12
Message-ID: 200404271752.i3RHqC8E015562 () turing-police ! cc ! vt ! edu
[Download RAW message or body]
Has anybody already done a policy file for Tripwire or its
open-sourced replacement 'aide'?
Trying to run 'tripwire --check' from a cron job gets this:
Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc: denied { write }
for pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_t tclass=dir
when trying to open the TEMPDIRECTORY directory:
# ls -ld --context /var/tripwire/
drwx------+ root root system_u:object_r:var_t /var/tripwire/
(The actual database files are here:
# ls --context /var/lib/tripwire
-rw-------+ root root system_u:object_r:var_lib_t orange.cirt.vt.edu.twd
-rw------- root root system_u:object_r:var_lib_t orange.cirt.vt.edu.twd.bak
drwxr-xr-x+ root root system_u:object_r:var_lib_t report
It occurs to me that it would be simple but incorrect to just use setfilecon
to coerce the contexts into something that works, and that a separate
set of tripwire_t and/or aide_t contexts is probably desired. Having no wish
to reinvent the wheel, has anybody done this already?
[Attachment #3 (application/pgp-signature)]
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic