On Tue, 4 May 2004 04:02, Valdis.Kletnieks@xxxxxx wrote: > On Mon, 03 May 2004 02:45:39 +1000, Russell Coker said: > > On Wed, 28 Apr 2004 03:52, Valdis.Kletnieks@xxxxxx wrote: > > > Has anybody already done a policy file for Tripwire or its > > > open-sourced replacement 'aide'? > > > > Why not run it in the domain backup_t? Tripwire and backup programs both > > need read access to all files.. > > Good hint - I'll have to chase that. Looks like it's almost but not quite > what I want - looks like a few lines of tweaking should suffice (I'm pretty > sure that can_network can be heaved over the side of the .te file, and I > need other directories labeled with backup_store_t in the .fc file). However a tripwire program that sends md5 checksums over the wire could be handy. If there are standard locations for the tripwire database and binaries then let me know and I'll add them to the policy. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
