On Mon, 2009-02-16 at 11:12 -0500, Dan Gruhn wrote:
>
> Could someone give me some pointers and/or point me to something I could
> read to get me going? I have the 5.3 audit RPMs, but can't seem to find
> the right pieces.

The port type is declared in "/policy/modules/kernel/corenetwork.te.in":

    network_port(audit, tcp,60,s0)

The policy for how auditd interacts with this port is in
"/policy/modules/system/logging.te":

    corenet_tcp_bind_audit_port(auditd_t)
    corenet_sendrecv_audit_server_packets(auditd_t)

Both the corenetwork and logging policy are part of the base module.

One could create a custom module to make this work:

    mkdir ~/myauditd; cd ~/myauditd;
    echo "policy_module(myauditd, 0.0.1)" > myauditd.te;
    echo "require { type auditd_t; }" >> myauditd.te;
    echo "type audit_port_t;" >> myauditd.te;
    echo "corenet_reserved_port(audit_port_t)" >> myauditd.te;
    echo "allow auditd_t audit_port_t:tcp_socket { name_bind };" >> myauditd.te;
    (sudo yum install selinux-policy-devel)
    make -f /usr/share/selinux/devel/Makefile
    sudo /usr/sbin/semodule -i myauditd.pp
    sudo /usr/sbin/semanage port -a -t audit_port_t -p tcp 60

Disclaimer: this example may have errors or may be incomplete. Use it at your own risk.

auditd_t probably needs more permission to interact with audit_port_t (connect, send/receive packets, etc.); however, one can use audit2allow to "extend" policy.

hth,
Dominick

> Thanks,
>
> Dan

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
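The following is an added example, not part of Dominick's reply or of the Fedora policy package. It scripts the custom-module approach from the thread with one extra check a practitioner would want: a module that declares `type audit_port_t;` fails to link if the loaded base policy already defines that type (as it does when corenetwork.te.in carries the `network_port(audit, ...)` line), so the script queries the loaded policy with `seinfo` and either declares the type or pulls it in through a `require` block. The names (module `myauditd`, domain `auditd_t`, port type `audit_port_t`, port 60/tcp) are taken from the thread; `seinfo` (setools), the refpolicy devel Makefile and `semanage` are assumed to be installed on the target host. Only the `.te` generation runs without them.

```shell
#!/bin/sh
# Added example (not from the original post): build and load a small SELinux
# policy module that lets a domain bind a TCP port.  The port type is reused
# when the loaded policy already defines it and declared only when it does not.

MODULE=myauditd        # assumed module name (from the thread)
DOMAIN=auditd_t        # assumed domain (from the thread)
PORT_TYPE=audit_port_t # assumed port type (from the thread)
PORT=60                # assumed port (from the thread)

# port_type_defined TYPE -> returns 0 if the loaded policy already has TYPE.
# Uses seinfo from setools; without it the caller treats the type as absent.
port_type_defined() {
    command -v seinfo >/dev/null 2>&1 || return 1
    seinfo -t "$1" 2>/dev/null | grep -q "^ *$1\$"
}

# gen_te MODULE DOMAIN PORT_TYPE DECLARE -> prints .te source on stdout.
# DECLARE=1 declares PORT_TYPE as a reserved port type (port < 1024);
# DECLARE=0 requires it from the base policy instead of redeclaring it.
gen_te() {
    mod=$1; dom=$2; ptype=$3; declare=$4
    printf 'policy_module(%s, 0.0.1)\n\n' "$mod"
    if [ "$declare" = 1 ]; then
        printf 'require {\n\ttype %s;\n}\n\n' "$dom"
        printf 'type %s;\ncorenet_reserved_port(%s)\n\n' "$ptype" "$ptype"
    else
        printf 'require {\n\ttype %s;\n\ttype %s;\n}\n\n' "$dom" "$ptype"
    fi
    # The single permission the thread is after: binding the labelled port.
    printf 'allow %s %s:tcp_socket name_bind;\n' "$dom" "$ptype"
}

# port_labelled TYPE PROTO PORT -> 0 if semanage already maps PROTO/PORT to TYPE.
port_labelled() {
    command -v semanage >/dev/null 2>&1 || return 1
    semanage port -l 2>/dev/null | grep -E "^$1 +$2 " | grep -qw "$3"
}

# build_and_load: generate, compile, install, then label the port once.
build_and_load() {
    dir=$(mktemp -d) || exit 1
    if port_type_defined "$PORT_TYPE"; then declare=0; else declare=1; fi
    gen_te "$MODULE" "$DOMAIN" "$PORT_TYPE" "$declare" > "$dir/$MODULE.te"
    ( cd "$dir" && make -f /usr/share/selinux/devel/Makefile "$MODULE.pp" ) || exit 1
    semodule -i "$dir/$MODULE.pp" || exit 1
    # Adding a mapping that already exists makes semanage fail, so check first.
    port_labelled "$PORT_TYPE" tcp "$PORT" || \
        semanage port -a -t "$PORT_TYPE" -p tcp "$PORT"
}

# Run the privileged part only when asked; plain invocation just shows the .te.
if [ "${1:-}" = install ]; then
    build_and_load
else
    if port_type_defined "$PORT_TYPE"; then d=0; else d=1; fi
    gen_te "$MODULE" "$DOMAIN" "$PORT_TYPE" "$d"
fi
```

Run it without arguments to see the generated `.te` (the `require` form when `seinfo` reports the type, the declaring form otherwise), and as root with `install` to compile, load and label. After that, `audit2allow` over the AVC denials is still the way to find the remaining permissions Dominick mentions (connect, send/recv packets), since `name_bind` alone only covers the bind.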