## <summary>Snort network intrusion detection system</summary>
########################################
## <summary>
##	Run snort in the snort domain: executing a file
##	labeled snort_exec_t from the given domain causes
##	an automatic transition to snort_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`snort_domtrans',`
	gen_require(`
		type snort_t;
		type snort_exec_t;
	')

	# domtrans_pattern supplies the execute, entrypoint and
	# process transition rules needed for $1 -> snort_t via
	# snort_exec_t; nothing else is granted to the caller here.
	domtrans_pattern($1, snort_exec_t, snort_t)
')
########################################
## <summary>
##	All of the rules required to administrate
##	a snort environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed to manage the snort domain
##	(receives the init script role transition).
##	</summary>
## </param>
## <rolecap/>
#
interface(`snort_admin',`
	gen_require(`
		type snort_t;
		type snort_initrc_exec_t;
		type snort_etc_t;
		type snort_log_t;
		type snort_var_run_t;
	')

	# Process control over the running sensor. Note that ptrace
	# permits the admin domain to attach to and read the memory of
	# snort_t; policies that gate ptrace behind a boolean may want
	# this rule separated from the signal permissions.
	allow $1 snort_t:process { ptrace signal_perms };
	ps_process_pattern($1, snort_t)

	# Start/stop through the labeled init script, which runs in
	# system_r; the role transition and role allow make that
	# reachable from $2.
	init_labeled_script_domtrans($1, snort_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 snort_initrc_exec_t system_r;
	allow $2 system_r;

	# Full management of the configuration, pid and log files,
	# each paired with search on the parent directory tree so the
	# files are actually reachable.
	files_search_etc($1)
	admin_pattern($1, snort_etc_t)

	files_search_pids($1)
	admin_pattern($1, snort_var_run_t)

	logging_search_logs($1)
	admin_pattern($1, snort_log_t)
')