|
Chris PeBenito |
fa45da |
## <summary>Aide filesystem integrity checker</summary>
|
|
Chris PeBenito |
fa45da |
|
|
Chris PeBenito |
fa45da |
########################################
|
|
Chris PeBenito |
fa45da |
## <summary>
|
|
Chris PeBenito |
fa45da |
## Execute aide in the aide domain
|
|
Chris PeBenito |
fa45da |
## </summary>
|
|
Chris PeBenito |
fa45da |
## <param name="domain">
|
|
Chris PeBenito |
fa45da |
## <summary>
|
|
Chris PeBenito |
fa45da |
## Domain allowed access.
|
|
Chris PeBenito |
fa45da |
## </summary>
|
|
Chris PeBenito |
fa45da |
## </param>
|
|
Chris PeBenito |
fa45da |
#
|
|
Chris PeBenito |
fa45da |
interface(`aide_domtrans',`
|
|
Chris PeBenito |
fa45da |
gen_require(`
|
|
Chris PeBenito |
fa45da |
type aide_t, aide_exec_t;
|
|
Chris PeBenito |
fa45da |
')
|
|
Chris PeBenito |
fa45da |
|
|
Chris PeBenito |
8021cb |
corecmd_search_bin($1)
|
|
Chris PeBenito |
0bfccd |
domtrans_pattern($1, aide_exec_t, aide_t)
|
|
Chris PeBenito |
fa45da |
')
|
|
Chris PeBenito |
fa45da |
|
|
Chris PeBenito |
fa45da |
|
|
Chris PeBenito |
fa45da |
########################################
|
|
Chris PeBenito |
fa45da |
## <summary>
|
|
Chris PeBenito |
fa45da |
## Execute aide programs in the AIDE domain.
|
|
Chris PeBenito |
fa45da |
## </summary>
|
|
Chris PeBenito |
fa45da |
## <param name="domain">
|
|
Chris PeBenito |
fa45da |
## <summary>
|
|
Chris PeBenito |
fa45da |
## Domain allowed access.
|
|
Chris PeBenito |
fa45da |
## </summary>
|
|
Chris PeBenito |
fa45da |
## </param>
|
|
Chris PeBenito |
fa45da |
## <param name="role">
|
|
Chris PeBenito |
fa45da |
## <summary>
|
|
Chris PeBenito |
fa45da |
## The role to allow the AIDE domain.
|
|
Chris PeBenito |
fa45da |
## </summary>
|
|
Chris PeBenito |
fa45da |
## </param>
|
|
Chris PeBenito |
fa45da |
## <param name="terminal">
|
|
Chris PeBenito |
fa45da |
## <summary>
|
|
Chris PeBenito |
fa45da |
## The type of the terminal allow the AIDE domain to use.
|
|
Chris PeBenito |
fa45da |
## </summary>
|
|
Chris PeBenito |
fa45da |
## </param>
|
|
Chris PeBenito |
fa45da |
#
|
|
Chris PeBenito |
fa45da |
interface(`aide_run',`
|
|
Chris PeBenito |
fa45da |
gen_require(`
|
|
Chris PeBenito |
fa45da |
type aide_t;
|
|
Chris PeBenito |
fa45da |
')
|
|
Chris PeBenito |
fa45da |
|
|
Chris PeBenito |
fa45da |
aide_domtrans($1)
|
|
Chris PeBenito |
fa45da |
role $2 types aide_t;
|
|
Chris PeBenito |
c0868a |
allow aide_t $3:chr_file rw_chr_file_perms;
|
|
Chris PeBenito |
fa45da |
')
|
|
Chris PeBenito |
ee6608 |
|
|
Chris PeBenito |
ee6608 |
########################################
|
|
Chris PeBenito |
ee6608 |
## <summary>
|
|
Chris PeBenito |
ee6608 |
## All of the rules required to administrate
|
|
Chris PeBenito |
ee6608 |
## an aide environment
|
|
Chris PeBenito |
ee6608 |
## </summary>
|
|
Chris PeBenito |
ee6608 |
## <param name="domain">
|
|
Chris PeBenito |
ee6608 |
## <summary>
|
|
Chris PeBenito |
ee6608 |
## Domain allowed access.
|
|
Chris PeBenito |
ee6608 |
## </summary>
|
|
Chris PeBenito |
ee6608 |
## </param>
|
|
Chris PeBenito |
ee6608 |
## <rolecap/>
|
|
Chris PeBenito |
ee6608 |
#
|
|
Chris PeBenito |
ee6608 |
interface(`aide_admin',`
|
|
Chris PeBenito |
ee6608 |
gen_require(`
|
|
Chris PeBenito |
ee6608 |
type aide_t, aide_db_t, aide_log_t;
|
|
Chris PeBenito |
ee6608 |
')
|
|
Chris PeBenito |
ee6608 |
|
|
Chris PeBenito |
ee6608 |
allow $1 aide_t:process { ptrace signal_perms };
|
|
Chris PeBenito |
ee6608 |
ps_process_pattern($1, aide_t)
|
|
Chris PeBenito |
ee6608 |
|
|
Chris PeBenito |
ee6608 |
files_list_etc($1)
|
|
Chris PeBenito |
ee6608 |
manage_files_pattern($1, aide_db_t, aide_db_t)
|
|
Chris PeBenito |
ee6608 |
|
|
Chris PeBenito |
ee6608 |
logging_list_logs($1)
|
|
Chris PeBenito |
b34db7 |
manage_files_pattern($1, aide_log_t, aide_log_t)
|
|
Chris PeBenito |
ee6608 |
')
|