146 lines
3.2 KiB
Plaintext
146 lines
3.2 KiB
Plaintext
## <summary>Prelude hybrid intrusion detection system.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run prelude.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`prelude_domtrans',`
|
|
gen_require(`
|
|
type prelude_t, prelude_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, prelude_exec_t, prelude_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to
|
|
## run prelude audisp.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`prelude_domtrans_audisp',`
|
|
gen_require(`
|
|
type prelude_audisp_t, prelude_audisp_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, prelude_audisp_exec_t, prelude_audisp_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send generic signals to prelude audisp.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`prelude_signal_audisp',`
|
|
gen_require(`
|
|
type prelude_audisp_t;
|
|
')
|
|
|
|
allow $1 prelude_audisp_t:process signal;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read prelude spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`prelude_read_spool',`
|
|
gen_require(`
|
|
type prelude_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
read_files_pattern($1, prelude_spool_t, prelude_spool_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## prelude manager spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`prelude_manage_spool',`
|
|
gen_require(`
|
|
type prelude_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
manage_dirs_pattern($1, prelude_spool_t, prelude_spool_t)
|
|
manage_files_pattern($1, prelude_spool_t, prelude_spool_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to
|
|
## administrate an prelude environment.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`prelude_admin',`
|
|
gen_require(`
|
|
type prelude_t, prelude_spool_t, prelude_lml_var_run_t;
|
|
type prelude_var_run_t, prelude_var_lib_t, prelude_log_t;
|
|
type prelude_audisp_t, prelude_audisp_var_run_t;
|
|
type prelude_initrc_exec_t, prelude_lml_t, prelude_lml_tmp_t;
|
|
type prelude_correlator_t;
|
|
')
|
|
|
|
allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
|
|
ps_process_pattern($1, { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t })
|
|
|
|
init_startstop_service($1, $2, prelude_t, prelude_initrc_exec_t)
|
|
|
|
files_search_spool($1)
|
|
admin_pattern($1, prelude_spool_t)
|
|
|
|
logging_search_logs($1)
|
|
admin_pattern($1, prelude_log_t)
|
|
|
|
files_search_var_lib($1)
|
|
admin_pattern($1, prelude_var_lib_t)
|
|
|
|
files_search_pids($1)
|
|
admin_pattern($1, { prelude_audisp_var_run_t prelude_var_run_t prelude_lml_var_run_t })
|
|
|
|
files_search_tmp($1)
|
|
admin_pattern($1, prelude_lml_tmp_t)
|
|
')
|