## <summary>Aide filesystem integrity checker</summary>

########################################
## <summary>
##	Execute aide in the aide domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`aide_domtrans',`
	# Types that must already be declared for this interface to be used.
	gen_require(`
		type aide_t, aide_exec_t;
	')

	# By its name this lets the caller search the bin directories that
	# hold the executable - confirm against the corecommands module.
	corecmd_search_bin($1)
	# Executing a file labelled aide_exec_t moves the caller into aide_t.
	domtrans_pattern($1, aide_exec_t, aide_t)
')

########################################
## <summary>
##	Execute aide programs in the AIDE domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to allow the AIDE domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the AIDE domain is allowed to use.
##	</summary>
## </param>
#
interface(`aide_run',`
	gen_require(`
		type aide_t;
	')

	# Reuse the transition interface so the caller can enter aide_t.
	aide_domtrans($1)
	# Authorise the given role for aide_t. Without this the transition
	# is not usable from that role.
	role $2 types aide_t;
	# Let the AIDE domain read and write character devices of the given
	# terminal type so it can talk to the invoking session.
	allow aide_t $3:chr_file rw_chr_file_perms;
')

########################################
## <summary>
##	All of the rules required to administrate
##	an aide environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`aide_admin',`
	gen_require(`
		type aide_t, aide_db_t, aide_log_t;
	')

	# NOTE(review): ptrace lets the caller trace aide_t processes and so
	# inspect or alter a running integrity check. signal_perms covers
	# sending signals to them. Keep the set of callers small.
	allow $1 aide_t:process { ptrace signal_perms };
	ps_process_pattern($1, aide_t)

	# NOTE(review): manage access to aide_db_t files means the caller can
	# create and rewrite them. By name these are the AIDE database files
	# that checks are compared against - confirm against the file contexts.
	# A domain holding this access can change what AIDE treats as known good.
	files_list_etc($1)
	manage_files_pattern($1, aide_db_t, aide_db_t)

	# NOTE(review): the same manage access applies to aide_log_t files, so
	# the caller can also edit or remove what AIDE has logged.
	logging_list_logs($1)
	manage_files_pattern($1, aide_log_t, aide_log_t)
')