selinux-ossec/ossec.te

83 lines
1.5 KiB
Text
Raw Normal View History

2015-11-18 21:19:44 -05:00
2015-11-21 18:36:57 -05:00
policy_module(ossec,1.0.12)
2015-11-18 21:19:44 -05:00
########################################
#
# Declarations
#
type ossec_t;
type ossec_bin_t;
type ossec_exec_t;
role system_r types ossec_t;
domain_type(ossec_t)
domain_entry_file(ossec_t, ossec_exec_t)
optional_policy(`
ossec_domtrans(httpd_t)
')
type ossec_var_t;
files_type(ossec_var_t)
type ossec_tmp_t;
files_tmp_file(ossec_tmp_t)
type ossec_log_t;
logging_log_file(ossec_log_t)
type ossec_etc_t;
files_config_file(ossec_etc_t)
type ossec_rule_t;
files_config_file(ossec_rule_t)
type ossec_stats_t;
files_type(ossec_stats_t)
type ossec_queue_t;
files_type(ossec_queue_t)
type ossec_script_t;
files_type(ossec_script_t)
require {
type ossec_t;
type ossec_bin_t;
type ossec_exec_t;
type ossec_var_t;
type ossec_tmp_t;
type ossec_log_t;
type ossec_etc_t;
type ossec_rule_t;
type ossec_stats_t;
type ossec_queue_t;
type ossec_script_t;
type httpd_t;
class file { rename read lock create write getattr unlink open append };
class dir { write getattr read remove_name create add_name };
}
2015-11-18 21:19:44 -05:00
########################################
#
# ossec local policy
#
#============= ossec_t ==============
#============= httpd_t ==============
allow httpd_t ossec_log_t:dir { read };
allow httpd_t ossec_log_t:file { open read getattr };
allow httpd_t ossec_queue_t:dir { read };
allow httpd_t ossec_queue_t:file { open read getattr };
allow httpd_t ossec_stats_t:dir { read };
allow httpd_t ossec_stats_t:file { open read getattr };