snort patch from Dan Walsh
Didn't rearrange all the kernel calls, but did add the kernel_request_load_module. Didn't include the usbmod (doesn't exist in refpolicy at this time). Included the generic usb device permissions because snort uses libpcap, which can also be used to monitor USB traffic, so this may be a side effect. From the red hat bug (559861), it sounds as though snort was failing without these permissions, so it doesn't look like a dontaudit would work.
This commit is contained in:
parent
f8b3b7fa48
commit
a49a82c295
|
@ -37,6 +37,7 @@ allow snort_t self:netlink_route_socket { bind create getattr nlmsg_read read wr
|
|||
allow snort_t self:tcp_socket create_stream_socket_perms;
|
||||
allow snort_t self:udp_socket create_socket_perms;
|
||||
allow snort_t self:packet_socket create_socket_perms;
|
||||
allow snort_t self:socket create_socket_perms;
|
||||
# Snort IPS node. unverified.
|
||||
allow snort_t self:netlink_firewall_socket { bind create getattr };
|
||||
|
||||
|
@ -59,6 +60,7 @@ kernel_read_kernel_sysctls(snort_t)
|
|||
kernel_read_sysctl(snort_t)
|
||||
kernel_list_proc(snort_t)
|
||||
kernel_read_proc_symlinks(snort_t)
|
||||
kernel_request_load_module(snort_t)
|
||||
kernel_dontaudit_read_system_state(snort_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(snort_t)
|
||||
|
@ -76,6 +78,9 @@ corenet_tcp_connect_prelude_port(snort_t)
|
|||
dev_read_sysfs(snort_t)
|
||||
dev_read_rand(snort_t)
|
||||
dev_read_urand(snort_t)
|
||||
# Red Hat bug 559861: Snort wants read, write, and ioctl on /dev/usbmon
|
||||
# Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect?
|
||||
dev_rw_generic_usb_dev(snort_t)
|
||||
|
||||
domain_use_interactive_fds(snort_t)
|
||||
|
||||
|
|
Loading…
Reference in New Issue