Confined the queue directory and sock files.
parent
aeb1ee4e6b
commit
df1baf710e
3 changed files with 134 additions and 36 deletions
14
ossec.fc
14
ossec.fc
|
@ -8,10 +8,22 @@
|
||||||
#/var/log/mlogc/data(/.*)? gen_context(system_u:object_r:mlogc_log_t,s0)
|
#/var/log/mlogc/data(/.*)? gen_context(system_u:object_r:mlogc_log_t,s0)
|
||||||
|
|
||||||
/var/ossec/logs(/.*)? gen_context(system_u:object_r:ossec_log_t,s0)
|
/var/ossec/logs(/.*)? gen_context(system_u:object_r:ossec_log_t,s0)
|
||||||
/var/ossec/queue(/.*)? gen_context(system_u:object_r:ossec_queue_t,s0)
|
|
||||||
/var/ossec/stats(/.*)? gen_context(system_u:object_r:ossec_stats_t,s0)
|
/var/ossec/stats(/.*)? gen_context(system_u:object_r:ossec_stats_t,s0)
|
||||||
/var/ossec/agentless(/.*)? gen_context(system_u:object_r:ossec_var_t,s0)
|
/var/ossec/agentless(/.*)? gen_context(system_u:object_r:ossec_var_t,s0)
|
||||||
|
|
||||||
|
/var/ossec/queue(/.*)? gen_context(system_u:object_r:ossec_queue_t,s0)
|
||||||
|
/var/ossec/queue/rids(/.*)? gen_context(system_u:object_r:ossec_remoted_file_t,s0)
|
||||||
|
/var/ossec/queue/agent-info(/.*)? gen_context(system_u:object_r:ossec_remoted_file_t,s0)
|
||||||
|
/var/ossec/queue/fts(/.*)? gen_context(system_u:object_r:ossec_analysisd_file_t,s0)
|
||||||
|
/var/ossec/queue/syscheck(/.*)? gen_context(system_u:object_r:ossec_analysisd_file_t,s0)
|
||||||
|
/var/ossec/queue/rootcheck(/.*)? gen_context(system_u:object_r:ossec_analysisd_file_t,s0)
|
||||||
|
/var/ossec/queue/alerts/execq -s gen_context(system_u:object_r:ossec_execd_sock_t,s0)
|
||||||
|
/var/ossec/queue/alerts/ar -s gen_context(system_u:object_r:ossec_remoted_sock_t,s0)
|
||||||
|
/var/ossec/queue/ossec/queue -s gen_context(system_u:object_r:ossec_analysisd_sock_t,s0)
|
||||||
|
#/var/ossec/queue/fts/hostinfo -- gen_context(system_u:object_r:ossec_analysisd_file_t,s0)
|
||||||
|
#/var/ossec/queue/fts/fts-queue -- gen_context(system_u:object_r:ossec_analysisd_file_t,s0)
|
||||||
|
#/var/ossec/queue/fts/ig-queue -- gen_context(system_u:object_r:ossec_analysisd_file_t,s0)
|
||||||
|
|
||||||
/var/ossec/var/run(/.*)? gen_context(system_u:object_r:ossec_var_run_t,s0)
|
/var/ossec/var/run(/.*)? gen_context(system_u:object_r:ossec_var_run_t,s0)
|
||||||
/var/ossec/var/execd\.sqlite -- gen_context(system_u:object_r:ossec_execd_file_t,s0)
|
/var/ossec/var/execd\.sqlite -- gen_context(system_u:object_r:ossec_execd_file_t,s0)
|
||||||
/var/ossec/var/execd\.sqlite-journal -- gen_context(system_u:object_r:ossec_execd_journal_t,s0)
|
/var/ossec/var/execd\.sqlite-journal -- gen_context(system_u:object_r:ossec_execd_journal_t,s0)
|
||||||
|
|
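Review bot: The `(/.*)?` entries for `queue/rids`, `queue/agent-info`, `queue/fts`, `queue/syscheck` and `queue/rootcheck` label the directories themselves with the daemon's private file type, so files created inside them inherit that type and the `ossec_queue_t` type transitions do not apply there. The only rules for these types visible in ossec.te in this commit are `rw_files_pattern(...)`, which grants neither `create` on files nor write access to the directory. If remoted or analysisd creates new files in these directories at runtime (not confirmable from this page), those creations will be denied. I would add a comment above these entries, `# subdirectories carry the owning daemon's type; new files inherit it from the directory`, and check the AVC log in permissive mode before enforcing. The three commented-out `#/var/ossec/queue/fts/...` entries are already covered by `/var/ossec/queue/fts(/.*)?` and can be dropped.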
42
ossec.if
42
ossec.if
|
@ -177,6 +177,48 @@ interface(`ossec_read_queue',`
|
||||||
allow $1 var_t:dir search_dir_perms;
|
allow $1 var_t:dir search_dir_perms;
|
||||||
allow $1 ossec_queue_t:dir list_dir_perms;
|
allow $1 ossec_queue_t:dir list_dir_perms;
|
||||||
allow $1 ossec_queue_t:file read_file_perms;
|
allow $1 ossec_queue_t:file read_file_perms;
|
||||||
|
allow $1 ossec_remoted_file_t:dir list_dir_perms;
|
||||||
|
allow $1 ossec_remoted_file_t:file read_file_perms;
|
||||||
|
allow $1 ossec_analysisd_file_t:dir list_dir_perms;
|
||||||
|
allow $1 ossec_analysisd_file_t:file read_file_perms;
|
||||||
#read_files_pattern($1, ossec_queue_t, ossec_queue_t)
|
#read_files_pattern($1, ossec_queue_t, ossec_queue_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Create objects in the spool directory
|
||||||
|
## with a private type with a type transition.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="file">
|
||||||
|
## <summary>
|
||||||
|
## Type to which the created node will be transitioned.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="class">
|
||||||
|
## <summary>
|
||||||
|
## Object class(es) (single or set including {}) for which this
|
||||||
|
## the transition will occur.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="name" optional="true">
|
||||||
|
## <summary>
|
||||||
|
## The name of the object being created.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`ossec_queue_filetrans',`
|
||||||
|
gen_require(`
|
||||||
|
type var_t;
|
||||||
|
type ossec_queue_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 var_t:dir search_dir_perms;
|
||||||
|
allow $1 ossec_queue_t:dir search_dir_perms;
|
||||||
|
filetrans_pattern($1, ossec_queue_t, $2, $3, $4)
|
||||||
|
')
|
||||||
|
|
||||||
|
|
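Review bot: `ossec_read_queue` now references `ossec_remoted_file_t` and `ossec_analysisd_file_t`, but its `gen_require` block lies above this hunk and is not touched by the commit, while both types are first declared in ossec.te in this same commit. Unless they were already required there, callers from other modules will fail to build; add `type ossec_remoted_file_t;` and `type ossec_analysisd_file_t;` to that `gen_require`. In the new `ossec_queue_filetrans`, the summary still says "spool directory"; `## Create objects in the OSSEC queue directory` would match what the interface does. The explicit `allow $1 ossec_queue_t:dir search_dir_perms;` appears redundant, since `filetrans_pattern` already grants directory access on `ossec_queue_t`.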
114
ossec.te
114
ossec.te
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(ossec,1.0.201)
|
policy_module(ossec,1.0.238)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -26,12 +26,19 @@ files_type(ossec_execd_file_t)
|
||||||
type ossec_execd_journal_t;
|
type ossec_execd_journal_t;
|
||||||
files_type(ossec_execd_journal_t)
|
files_type(ossec_execd_journal_t)
|
||||||
|
|
||||||
|
type ossec_execd_sock_t;
|
||||||
|
files_type(ossec_execd_sock_t)
|
||||||
|
|
||||||
# ossec-analysisd daemon
|
# ossec-analysisd daemon
|
||||||
type ossec_analysisd_t;
|
type ossec_analysisd_t;
|
||||||
type ossec_analysisd_exec_t;
|
type ossec_analysisd_exec_t;
|
||||||
init_daemon_domain(ossec_analysisd_t, ossec_analysisd_exec_t)
|
init_daemon_domain(ossec_analysisd_t, ossec_analysisd_exec_t)
|
||||||
type ossec_analysisd_configfile_t;
|
type ossec_analysisd_configfile_t;
|
||||||
files_config_file(ossec_analysisd_configfile_t);
|
files_config_file(ossec_analysisd_configfile_t)
|
||||||
|
type ossec_analysisd_file_t;
|
||||||
|
files_type(ossec_analysisd_file_t)
|
||||||
|
type ossec_analysisd_sock_t;
|
||||||
|
files_type(ossec_analysisd_sock_t)
|
||||||
|
|
||||||
# ossec-logcollector daemon
|
# ossec-logcollector daemon
|
||||||
type ossec_logcollector_t;
|
type ossec_logcollector_t;
|
||||||
|
@ -44,7 +51,10 @@ type ossec_remoted_exec_t;
|
||||||
init_daemon_domain(ossec_remoted_t, ossec_remoted_exec_t)
|
init_daemon_domain(ossec_remoted_t, ossec_remoted_exec_t)
|
||||||
type ossec_remoted_configfile_t;
|
type ossec_remoted_configfile_t;
|
||||||
files_config_file(ossec_remoted_configfile_t);
|
files_config_file(ossec_remoted_configfile_t);
|
||||||
|
type ossec_remoted_file_t;
|
||||||
|
files_type(ossec_remoted_file_t)
|
||||||
|
type ossec_remoted_sock_t;
|
||||||
|
files_type(ossec_remoted_sock_t)
|
||||||
|
|
||||||
# ossec-syscheckd daemon
|
# ossec-syscheckd daemon
|
||||||
type ossec_syscheckd_t;
|
type ossec_syscheckd_t;
|
||||||
|
@ -184,8 +194,12 @@ allow ossec_execd_t ossec_var_run_t:file manage_file_perms;
|
||||||
ossec_pid_filetrans(ossec_execd_t, ossec_var_run_t, file)
|
ossec_pid_filetrans(ossec_execd_t, ossec_var_run_t, file)
|
||||||
|
|
||||||
# queue dir
|
# queue dir
|
||||||
rw_dirs_pattern(ossec_execd_t, ossec_queue_t, ossec_queue_t)
|
ossec_queue_filetrans(ossec_execd_t, ossec_execd_sock_t, sock_file)
|
||||||
manage_sock_files_pattern(ossec_execd_t, ossec_queue_t, ossec_queue_t);
|
manage_sock_files_pattern(ossec_execd_t, ossec_queue_t, ossec_execd_sock_t)
|
||||||
|
#allow ossec_execd_t ossec_queue_t:dir rw_dir_perms;
|
||||||
|
#allow ossec_execd_t ossec_execd_sock_t:sock_file manage_sock_file_perms;
|
||||||
|
#rw_dirs_pattern(ossec_execd_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#manage_sock_files_pattern(ossec_execd_t, ossec_queue_t, ossec_queue_t);
|
||||||
|
|
||||||
# logs
|
# logs
|
||||||
allow ossec_execd_t ossec_log_t:file { create_file_perms append_file_perms read };
|
allow ossec_execd_t ossec_log_t:file { create_file_perms append_file_perms read };
|
||||||
|
@ -196,7 +210,8 @@ search_dirs_pattern(ossec_execd_t, ossec_ar_bin_t, ossec_ar_bin_t)
|
||||||
corecmd_exec_shell(ossec_execd_t)
|
corecmd_exec_shell(ossec_execd_t)
|
||||||
|
|
||||||
# dgram socket
|
# dgram socket
|
||||||
allow ossec_execd_t self:unix_dgram_socket { create bind getopt read write };
|
allow ossec_execd_t self:unix_dgram_socket create_stream_socket_perms;
|
||||||
|
#allow ossec_execd_t self:unix_dgram_socket { create bind getopt read write };
|
||||||
|
|
||||||
# Read urandom
|
# Read urandom
|
||||||
dev_read_urand(ossec_execd_t)
|
dev_read_urand(ossec_execd_t)
|
||||||
|
@ -221,18 +236,25 @@ allow ossec_analysisd_t ossec_var_run_t:file manage_file_perms;
|
||||||
ossec_pid_filetrans(ossec_analysisd_t, ossec_var_run_t, file)
|
ossec_pid_filetrans(ossec_analysisd_t, ossec_var_run_t, file)
|
||||||
|
|
||||||
# queue dir
|
# queue dir
|
||||||
rw_dirs_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
|
ossec_queue_filetrans(ossec_analysisd_t, ossec_analysisd_file_t, file)
|
||||||
rw_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
|
rw_files_pattern(ossec_analysisd_t, ossec_analysisd_file_t, ossec_analysisd_file_t)
|
||||||
manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
|
|
||||||
|
ossec_queue_filetrans(ossec_analysisd_t, ossec_analysisd_sock_t, sock_file)
|
||||||
|
manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_analysisd_sock_t)
|
||||||
|
|
||||||
|
dgram_send_pattern(ossec_analysisd_t, ossec_queue_t, ossec_execd_sock_t, ossec_execd_t)
|
||||||
|
dgram_send_pattern(ossec_analysisd_t, ossec_queue_t, ossec_remoted_sock_t, ossec_remoted_t)
|
||||||
|
|
||||||
|
#allow ossec_analysisd_t ossec_queue_t:dir rw_dir_perms;
|
||||||
|
|
||||||
|
#manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_analysisd_sock_t)
|
||||||
|
#rw_dirs_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#rw_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
|
||||||
# stats dir
|
# stats dir
|
||||||
append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
|
append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
|
||||||
allow ossec_analysisd_t ossec_stats_t:file read_file_perms;
|
allow ossec_analysisd_t ossec_stats_t:file read_file_perms;
|
||||||
#ossec_manage_stats(ossec_analysisd_t)
|
|
||||||
#rw_dirs_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
|
|
||||||
#rw_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
|
|
||||||
#create_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
|
|
||||||
#append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
|
|
||||||
|
|
||||||
# logs
|
# logs
|
||||||
allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read link unlink };
|
allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read link unlink };
|
||||||
|
@ -243,9 +265,10 @@ search_dirs_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
|
||||||
read_files_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
|
read_files_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
|
||||||
|
|
||||||
# dgram socket
|
# dgram socket
|
||||||
allow ossec_analysisd_t self:unix_dgram_socket { create bind getopt connect read write };
|
allow ossec_analysisd_t self:unix_dgram_socket create_stream_socket_perms;
|
||||||
allow ossec_analysisd_t ossec_execd_t:unix_dgram_socket { sendto };
|
#allow ossec_analysisd_t self:unix_dgram_socket { create bind getopt connect read write };
|
||||||
allow ossec_analysisd_t ossec_remoted_t:unix_dgram_socket { sendto };
|
##allow ossec_analysisd_t ossec_execd_t:unix_dgram_socket { sendto };
|
||||||
|
#allow ossec_analysisd_t ossec_remoted_t:unix_dgram_socket { sendto };
|
||||||
|
|
||||||
|
|
||||||
#============= ossec_logcollector_t ==============
|
#============= ossec_logcollector_t ==============
|
||||||
|
@ -262,8 +285,9 @@ allow ossec_logcollector_t ossec_var_run_t:file manage_file_perms;
|
||||||
ossec_pid_filetrans(ossec_logcollector_t, ossec_var_run_t, file)
|
ossec_pid_filetrans(ossec_logcollector_t, ossec_var_run_t, file)
|
||||||
|
|
||||||
# queue dir
|
# queue dir
|
||||||
search_dirs_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
|
dgram_send_pattern(ossec_logcollector_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
|
||||||
manage_sock_files_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
|
#search_dirs_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#manage_sock_files_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
|
||||||
# logs
|
# logs
|
||||||
allow ossec_logcollector_t ossec_log_t:file { create_file_perms append_file_perms read };
|
allow ossec_logcollector_t ossec_log_t:file { create_file_perms append_file_perms read };
|
||||||
|
@ -276,8 +300,9 @@ logging_read_all_logs(ossec_logcollector_t)
|
||||||
#read_files_pattern(ossec_logcollector_t, var_log_t, var_log_t)
|
#read_files_pattern(ossec_logcollector_t, var_log_t, var_log_t)
|
||||||
|
|
||||||
# dgram socket
|
# dgram socket
|
||||||
allow ossec_logcollector_t self:unix_dgram_socket { create bind getopt connect write };
|
allow ossec_logcollector_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow ossec_logcollector_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
#allow ossec_logcollector_t self:unix_dgram_socket { create bind getopt connect write };
|
||||||
|
#allow ossec_logcollector_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
||||||
|
|
||||||
|
|
||||||
#============= ossec_remoted_t ==============
|
#============= ossec_remoted_t ==============
|
||||||
|
@ -296,9 +321,17 @@ allow ossec_remoted_t ossec_var_run_t:file manage_file_perms;
|
||||||
ossec_pid_filetrans(ossec_remoted_t, ossec_var_run_t, file)
|
ossec_pid_filetrans(ossec_remoted_t, ossec_var_run_t, file)
|
||||||
|
|
||||||
# queue dir
|
# queue dir
|
||||||
search_dirs_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
|
dgram_send_pattern(ossec_remoted_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
|
||||||
rw_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
|
#allow ossec_remoted_t ossec_queue_t:dir rw_dir_perms;
|
||||||
manage_sock_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
|
ossec_queue_filetrans(ossec_remoted_t, ossec_remoted_sock_t, sock_file)
|
||||||
|
manage_sock_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_remoted_sock_t)
|
||||||
|
|
||||||
|
# queue/rids/
|
||||||
|
rw_files_pattern(ossec_remoted_t, ossec_remoted_file_t, ossec_remoted_file_t)
|
||||||
|
|
||||||
|
#search_dirs_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#rw_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#manage_sock_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
|
||||||
# logs
|
# logs
|
||||||
allow ossec_remoted_t ossec_log_t:file { create_file_perms append_file_perms read };
|
allow ossec_remoted_t ossec_log_t:file { create_file_perms append_file_perms read };
|
||||||
|
@ -311,8 +344,9 @@ corenet_udp_bind_generic_node(ossec_remoted_t)
|
||||||
#allow ossec_remoted_t self:tcp_socket { create bind };
|
#allow ossec_remoted_t self:tcp_socket { create bind };
|
||||||
|
|
||||||
# dgram socket
|
# dgram socket
|
||||||
allow ossec_remoted_t self:unix_dgram_socket { create bind getopt connect read write };
|
allow ossec_remoted_t self:unix_dgram_socket create_stream_socket_perms;
|
||||||
allow ossec_remoted_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
#allow ossec_remoted_t self:unix_dgram_socket { create bind getopt connect read write };
|
||||||
|
#allow ossec_remoted_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
||||||
|
|
||||||
|
|
||||||
#============= ossec_syscheckd_t ==============
|
#============= ossec_syscheckd_t ==============
|
||||||
|
@ -330,16 +364,18 @@ allow ossec_syscheckd_t ossec_var_run_t:file manage_file_perms;
|
||||||
ossec_pid_filetrans(ossec_syscheckd_t, ossec_var_run_t, file)
|
ossec_pid_filetrans(ossec_syscheckd_t, ossec_var_run_t, file)
|
||||||
|
|
||||||
# queue dir
|
# queue dir
|
||||||
search_dirs_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
|
dgram_send_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
|
||||||
manage_sock_files_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
|
#manage_sock_files_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_analysisd_sock_t)
|
||||||
|
#search_dirs_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#manage_sock_files_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
|
||||||
# logs
|
# logs
|
||||||
allow ossec_syscheckd_t ossec_log_t:file { create_file_perms append_file_perms read };
|
allow ossec_syscheckd_t ossec_log_t:file { create_file_perms append_file_perms read };
|
||||||
ossec_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
|
ossec_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
|
||||||
|
|
||||||
# dgram socket
|
# dgram socket
|
||||||
allow ossec_syscheckd_t self:unix_dgram_socket { create bind getopt connect write };
|
allow ossec_syscheckd_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow ossec_syscheckd_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
#allow ossec_syscheckd_t self:unix_dgram_socket { create bind getopt connect write };
|
||||||
|
|
||||||
# Sockets
|
# Sockets
|
||||||
allow ossec_syscheckd_t self:udp_socket { create connect read write bind };
|
allow ossec_syscheckd_t self:udp_socket { create connect read write bind };
|
||||||
|
@ -366,17 +402,25 @@ allow ossec_monitord_t ossec_var_run_t:file manage_file_perms;
|
||||||
ossec_pid_filetrans(ossec_monitord_t, ossec_var_run_t, file)
|
ossec_pid_filetrans(ossec_monitord_t, ossec_var_run_t, file)
|
||||||
|
|
||||||
# queue dir
|
# queue dir
|
||||||
search_dirs_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
|
dgram_send_pattern(ossec_monitord_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
|
||||||
read_files_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
|
|
||||||
manage_sock_files_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
|
list_dirs_pattern(ossec_monitord_t, ossec_queue_t, ossec_remoted_file_t)
|
||||||
|
allow ossec_monitord_t ossec_remoted_file_t:file getattr_file_perms;
|
||||||
|
|
||||||
|
#allow ossec_monitord_t ossec_queue_t:dir list_dir_perms;
|
||||||
|
#allow ossec_monitord_t ossec_queue_t:file { getattr };
|
||||||
|
#search_dirs_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#read_files_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
#manage_sock_files_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
|
||||||
|
|
||||||
# logs
|
# logs
|
||||||
allow ossec_monitord_t ossec_log_t:file { create_file_perms append_file_perms read };
|
allow ossec_monitord_t ossec_log_t:file { create_file_perms append_file_perms read };
|
||||||
ossec_log_filetrans(ossec_monitord_t, ossec_log_t, file)
|
ossec_log_filetrans(ossec_monitord_t, ossec_log_t, file)
|
||||||
|
|
||||||
# dgram socket
|
# dgram socket
|
||||||
allow ossec_monitord_t self:unix_dgram_socket { create bind getopt connect write };
|
allow ossec_monitord_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow ossec_monitord_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
#allow ossec_monitord_t self:unix_dgram_socket { create bind getopt connect write };
|
||||||
|
#allow ossec_monitord_t ossec_analysisd_t:unix_dgram_socket { sendto };
|
||||||
|
|
||||||
|
|
||||||
#============= httpd_t ==============
|
#============= httpd_t ==============
|
||||||
|
|
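Review bot: The three `self:unix_dgram_socket create_stream_socket_perms;` rules (ossec_execd_t, ossec_analysisd_t, ossec_remoted_t) widen what the old explicit permission sets allowed. The stream macro adds `listen` and `accept`, which have no use on a datagram socket, on top of the full `create_socket_perms` set. The other three daemons in this commit use `create_socket_perms`, and the same should be sufficient here, e.g. `allow ossec_execd_t self:unix_dgram_socket create_socket_perms;`; keeping the original explicit sets would be tighter still. The commented-out old rules left beside each replacement (including the `##allow` line in the analysisd block) are recoverable from history and would be better removed so the effective policy is easy to audit.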