selinux-policy/policy/modules/services/fail2ban.te
2007-03-23 23:24:59 +00:00

74 lines
1.5 KiB
Plaintext

policy_module(fail2ban,1.0.0)
########################################
#
# Declarations
#
type fail2ban_t;
type fail2ban_exec_t;
init_daemon_domain(fail2ban_t, fail2ban_exec_t)
# log files
type fail2ban_log_t;
logging_log_file(fail2ban_log_t)
# pid files
type fail2ban_var_run_t;
files_pid_file(fail2ban_var_run_t)
########################################
#
# fail2ban local policy
#
allow fail2ban_t self:process signal;
allow fail2ban_t self:fifo_file rw_fifo_file_perms;
allow fail2ban_t self:unix_stream_socket create_stream_socket_perms;
# log files
allow fail2ban_t fail2ban_log_t:dir setattr;
manage_files_pattern(fail2ban_t,fail2ban_log_t,fail2ban_log_t)
logging_log_filetrans(fail2ban_t,fail2ban_log_t,file)
# pid file
manage_files_pattern(fail2ban_t,fail2ban_var_run_t,fail2ban_var_run_t)
files_pid_filetrans(fail2ban_t,fail2ban_var_run_t, file)
kernel_read_system_state(fail2ban_t)
corecmd_exec_bin(fail2ban_t)
corecmd_exec_shell(fail2ban_t)
dev_read_urand(fail2ban_t)
domain_use_interactive_fds(fail2ban_t)
files_read_etc_files(fail2ban_t)
files_read_usr_files(fail2ban_t)
libs_use_ld_so(fail2ban_t)
libs_use_shared_libs(fail2ban_t)
logging_read_generic_logs(fail2ban_t)
miscfiles_read_localization(fail2ban_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(fail2ban_t)
term_dontaudit_use_generic_ptys(fail2ban_t)
')
optional_policy(`
apache_read_log(fail2ban_t)
')
optional_policy(`
ftp_read_log(fail2ban_t)
')
optional_policy(`
iptables_domtrans(fail2ban_t)
')