70 lines
2.2 KiB
Plaintext
70 lines
2.2 KiB
Plaintext
#DESC auditd - System auditing daemon
|
|
#
|
|
# Authors: Colin Walters <walters@verbum.org>
|
|
#
|
|
# Some fixes by Paul Moore <paul.moore@hp.com>
|
|
#
|
|
define(`audit_manager_domain', `
|
|
allow $1 auditd_etc_t:file rw_file_perms;
|
|
create_dir_file($1, auditd_log_t)
|
|
domain_auto_trans($1, auditctl_exec_t, auditctl_t)
|
|
')
|
|
|
|
daemon_domain(auditd)
|
|
|
|
allow auditd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay nlmsg_readpriv };
|
|
allow auditd_t self:unix_dgram_socket create_socket_perms;
|
|
allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource };
|
|
allow auditd_t self:process setsched;
|
|
allow auditd_t self:file { getattr read write };
|
|
allow auditd_t etc_t:file { getattr read };
|
|
|
|
# Do not use logdir_domain since this is a security file
|
|
type auditd_log_t, file_type, secure_file_type;
|
|
allow auditd_t var_log_t:dir search;
|
|
rw_dir_create_file(auditd_t, auditd_log_t)
|
|
|
|
can_exec(auditd_t, init_exec_t)
|
|
allow auditd_t initctl_t:fifo_file write;
|
|
|
|
ifdef(`targeted_policy', `
|
|
dontaudit auditd_t unconfined_t:fifo_file read;
|
|
')
|
|
|
|
type auditctl_t, domain, privlog;
|
|
type auditctl_exec_t, file_type, exec_type, sysadmfile;
|
|
uses_shlib(auditctl_t)
|
|
allow auditctl_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay nlmsg_readpriv };
|
|
allow auditctl_t self:capability { audit_write audit_control };
|
|
allow auditctl_t etc_t:file { getattr read };
|
|
allow auditctl_t admin_tty_type:chr_file rw_file_perms;
|
|
|
|
type auditd_etc_t, file_type, secure_file_type;
|
|
allow { auditd_t auditctl_t } auditd_etc_t:file r_file_perms;
|
|
allow initrc_t auditd_etc_t:file r_file_perms;
|
|
|
|
role secadm_r types auditctl_t;
|
|
role sysadm_r types auditctl_t;
|
|
audit_manager_domain(secadm_t)
|
|
|
|
ifdef(`targeted_policy', `', `
|
|
ifdef(`separate_secadm', `', `
|
|
audit_manager_domain(sysadm_t)
|
|
')
|
|
')
|
|
|
|
role system_r types auditctl_t;
|
|
domain_auto_trans(initrc_t, auditctl_exec_t, auditctl_t)
|
|
|
|
dontaudit auditctl_t local_login_t:fd use;
|
|
allow auditctl_t proc_t:dir search;
|
|
allow auditctl_t sysctl_kernel_t:dir search;
|
|
allow auditctl_t sysctl_kernel_t:file { getattr read };
|
|
dontaudit auditctl_t init_t:fd use;
|
|
allow auditctl_t initrc_devpts_t:chr_file { read write };
|
|
allow auditctl_t privfd:fd use;
|
|
|
|
|
|
allow auditd_t sbin_t:dir search;
|
|
can_exec(auditd_t, sbin_t)
|