1 ## <summary>Snort network intrusion detection system</summary>
3 ########################################
5 ## Execute a domain transition to run snort.
7 ## <param name="domain">
9 ## Domain allowed to transition.
13 interface(`snort_domtrans',`
15 type snort_t, snort_exec_t;
18 domtrans_pattern($1, snort_exec_t, snort_t)
21 ########################################
23 ## All of the rules required to administrate
24 ## an snort environment
26 ## <param name="domain">
28 ## Domain allowed access.
31 ## <param name="role">
33 ## The role to be allowed to manage the snort domain.
38 interface(`snort_admin',`
40 type snort_t, snort_var_run_t, snort_log_t;
41 type snort_etc_t, snort_initrc_exec_t;
44 allow $1 snort_t:process { ptrace signal_perms };
45 ps_process_pattern($1, snort_t)
47 init_labeled_script_domtrans($1, snort_initrc_exec_t)
48 domain_system_change_exemption($1)
49 role_transition $2 snort_initrc_exec_t system_r;
52 admin_pattern($1, snort_etc_t)
55 admin_pattern($1, snort_log_t)
56 logging_search_logs($1)
58 admin_pattern($1, snort_var_run_t)