
List:       selinux
Subject:    Policy file for 'aide' and/or 'tripwire'?
From:       Valdis.Kletnieks () vt ! edu
Date:       2004-04-27 17:52:12
Message-ID: 200404271752.i3RHqC8E015562 () turing-police ! cc ! vt ! edu

Has anybody already done a policy file for Tripwire or its
open-sourced replacement 'aide'?

Trying to run 'tripwire --check' from a cron job gets this:

Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc:  denied  { write }
for  pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_t tclass=dir

when trying to open the TEMPDIRECTORY directory:

#  ls -ld --context /var/tripwire/
drwx------+ root     root     system_u:object_r:var_t          /var/tripwire/

(The actual database files are here:

# ls --context /var/lib/tripwire
-rw-------+ root     root     system_u:object_r:var_lib_t      orange.cirt.vt.edu.twd
-rw-------  root     root     system_u:object_r:var_lib_t      orange.cirt.vt.edu.twd.bak
drwxr-xr-x+ root     root     system_u:object_r:var_lib_t      report

It occurs to me that it would be simple but incorrect to just use setfilecon
to coerce the contexts into something that works, and that a separate
set of tripwire_t and/or aide_t contexts is probably desired.  Having no wish
to reinvent the wheel, has anybody done this already?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
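
Added example, not part of the original message: a small Python parser for the AVC denial quoted above, which extracts the source and target types and merges denials into the allow rule they correspond to. The second log line is constructed for illustration, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Denial quoted in the message above, joined onto one line.
FROM_POST = (
    "Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc:  denied  { write } "
    "for  pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529 "
    "scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_t tclass=dir"
)
# Constructed line (not from the post): a follow-on denial on the same directory.
CONSTRUCTED = (
    "Apr 27 04:03:38 orange kernel: audit(1083053018.101:0): avc:  denied  { add_name } "
    "for  pid=14045 exe=/usr/sbin/tripwire name=twtempa00001 "
    "scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_t tclass=dir"
)

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")


def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
    if not {"scontext", "tcontext", "tclass"} <= kv.keys():
        return None  # truncated record
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "exe": kv.get("exe", "").strip('"'),
        # A context is user:role:type, optionally followed by an MLS range.
        "source_type": kv["scontext"].split(":")[2],
        "target_type": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }


def implied_rules(lines):
    """Merge denials per (source, target, class) into the allow rules they imply."""
    merged = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        if rec["result"] == "denied":
            merged[(rec["source_type"], rec["target_type"], rec["tclass"])].update(rec["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]


if __name__ == "__main__":
    print(parse_avc(FROM_POST))
    print("\n".join(implied_rules([FROM_POST, CONSTRUCTED, "not an avc line"])))
```

The resulting rule names the generic var_t type, so it would apply to every directory labeled var_t, not only /var/tripwire.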
