#DESC Snort - Network sniffer

#

# Author: Shaun Savage <savages@pcez.com> 

# Modified by Russell Coker <russell@coker.com.au>

# X-Debian-Packages: snort-common

#

daemon_domain(snort)

logdir_domain(snort)

allow snort_t snort_log_t:dir create;

can_network_server(snort_t)

type snort_etc_t, file_type, sysadmfile;

# Create temporary files.

tmp_domain(snort)

# use iptable netlink

allow snort_t self:netlink_route_socket { bind create getattr nlmsg_read read write };

allow snort_t self:packet_socket create_socket_perms;

allow snort_t self:capability { setgid setuid net_admin net_raw dac_override };

r_dir_file(snort_t, snort_etc_t)

allow snort_t etc_t:file { getattr read };

allow snort_t etc_t:lnk_file read;

allow snort_t self:unix_dgram_socket create_socket_perms;

allow snort_t self:unix_stream_socket create_socket_perms;

# for start script

allow initrc_t snort_etc_t:file { getattr read };

dontaudit snort_t { etc_runtime_t proc_t }:file { getattr read };