## <summary>Ethernet activity monitor.</summary> ######################################## ## <summary> ## Search arpwatch's data file directories. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`arpwatch_search_data',` gen_require(` type arpwatch_data_t; ') allow $1 arpwatch_data_t:dir search; ') ######################################## ## <summary> ## Create arpwatch data files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`arpwatch_manage_data_files',` gen_require(` type arpwatch_data_t; ') allow $1 arpwatch_data_t:dir rw_dir_perms; allow $1 arpwatch_data_t:file create_file_perms; ') ######################################## ## <summary> ## Read and write arpwatch temporary files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`arpwatch_rw_tmp_files',` gen_require(` type arpwatch_tmp_t; ') allow $1 arpwatch_tmp_t:file rw_file_perms; ') ######################################## ## <summary> ## Read and write arpwatch temporary files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`arpwatch_manage_tmp_files',` gen_require(` type arpwatch_tmp_t; ') allow $1 arpwatch_tmp_t:file manage_file_perms; ') ######################################## ## <summary> ## Do not audit attempts to read and write ## arpwatch packet sockets. ## </summary> ## <param name="domain"> ## <summary> ## Domain to not audit. ## </summary> ## </param> # interface(`arpwatch_dontaudit_rw_packet_sockets',` gen_require(` type arpwatch_t; ') dontaudit $1 arpwatch_t:packet_socket { read write }; ')