Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

108 lines (77 sloc) 2.429 kb
policy_module(psad,1.0.0)
########################################
#
# Declarations
#
type psad_t;
type psad_exec_t;
init_daemon_domain(psad_t, psad_exec_t)
type psad_initrc_exec_t;
init_script_file(psad_initrc_exec_t)
# config files
type psad_etc_t;
files_config_file(psad_etc_t)
# var/lib files
type psad_var_lib_t;
files_type(psad_var_lib_t)
# log files
type psad_var_log_t;
logging_log_file(psad_var_log_t)
# pid files
type psad_var_run_t;
files_pid_file(psad_var_run_t)
# tmp files
type psad_tmp_t;
files_tmp_file(psad_tmp_t)
########################################
#
# psad local policy
#
allow psad_t self:capability { net_admin net_raw setuid setgid dac_override };
dontaudit psad_t self:capability { sys_tty_config };
allow psad_t self:process { signal signull };
allow psad_t self:fifo_file rw_fifo_file_perms;
allow psad_t self:rawip_socket create_socket_perms;
# config files
read_files_pattern(psad_t,psad_etc_t,psad_etc_t)
list_dirs_pattern(psad_t,psad_etc_t,psad_etc_t)
# pid file
manage_files_pattern(psad_t, psad_var_run_t,psad_var_run_t)
manage_sock_files_pattern(psad_t, psad_var_run_t,psad_var_run_t)
files_pid_filetrans(psad_t,psad_var_run_t, { file sock_file })
# log files
manage_files_pattern(psad_t, psad_var_log_t, psad_var_log_t)
manage_dirs_pattern(psad_t, psad_var_log_t, psad_var_log_t)
logging_log_filetrans(psad_t,psad_var_log_t, { file dir })
# tmp files
manage_dirs_pattern(psad_t,psad_tmp_t,psad_tmp_t)
manage_files_pattern(psad_t,psad_tmp_t,psad_tmp_t)
files_tmp_filetrans(psad_t, psad_tmp_t, { file dir })
# /var/lib files
search_dirs_pattern(psad_t, psad_var_lib_t, psad_var_lib_t)
manage_fifo_files_pattern(psad_t, psad_var_lib_t, psad_var_lib_t)
kernel_read_system_state(psad_t)
kernel_read_network_state(psad_t)
#kernel_read_kernel_sysctls(psad_t)
kernel_read_net_sysctls(psad_t)
corecmd_exec_shell(psad_t)
corecmd_exec_bin(psad_t)
auth_use_nsswitch(psad_t)
corenet_tcp_connect_whois_port(psad_t)
dev_read_urand(psad_t)
files_read_etc_runtime_files(psad_t)
fs_getattr_all_fs(psad_t)
libs_use_ld_so(psad_t)
libs_use_shared_libs(psad_t)
miscfiles_read_localization(psad_t)
logging_read_generic_logs(psad_t)
logging_read_syslog_config(psad_t)
logging_send_syslog_msg(psad_t)
#sysnet_domtrans_ifconfig(psad_t)
sysnet_exec_ifconfig(psad_t)
iptables_domtrans(psad_t)
optional_policy(`
mta_send_mail(psad_t)
mta_read_queue(psad_t)
')
permissive psad_t;
Jump to Line
Something went wrong with that request. Please try again.