1 ## <summary>Snort network intrusion detection system</summary>
2
########################################
## <summary>
##	Execute snort in the snort domain.
## </summary>
## <desc>
##	<p>
##	Allow the caller to execute a file labeled snort_exec_t and
##	have the resulting process automatically transition to snort_t.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`snort_domtrans',`
	gen_require(`
		type snort_t, snort_exec_t;
	')

	# domtrans_pattern(source, entrypoint, target): execute permission on
	# snort_exec_t plus the process transition into snort_t; no other
	# access to snort_t resources is granted here.
	domtrans_pattern($1, snort_exec_t, snort_t)
')
20
########################################
## <summary>
##	All of the rules required to administrate
##	a snort environment.
## </summary>
## <desc>
##	<p>
##	Grants process control over snort_t, the ability to run the
##	snort init script, and full management of the snort
##	configuration, log and pid files.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`snort_admin',`
	gen_require(`
		type snort_t;
		type snort_initrc_exec_t;
		type snort_etc_t;
		type snort_log_t;
		type snort_var_run_t;
	')

	# Let the admin role enter system_r through the labeled init
	# script so snort can be started and stopped by $1.
	allow $2 system_r;
	role_transition $2 snort_initrc_exec_t system_r;
	init_labeled_script_domtrans($1, snort_initrc_exec_t)
	domain_system_change_exemption($1)

	# Process control over snort_t. ptrace allows attaching to the
	# running process, which is why this belongs only in the admin
	# interface and not in snort_domtrans.
	ps_process_pattern($1, snort_t)
	allow $1 snort_t:process { signal_perms ptrace };

	# Full management of each on-disk location, paired with the
	# directory search needed to reach it.
	files_search_etc($1)
	admin_pattern($1, snort_etc_t)

	logging_search_logs($1)
	admin_pattern($1, snort_log_t)

	files_search_pids($1)
	admin_pattern($1, snort_var_run_t)
')