Auditd port 60 access in RHEL 5.2
Dominick Grift
domg472 at gmail.com
Mon Feb 16 18:10:30 UTC 2009
On Mon, 2009-02-16 at 11:12 -0500, Dan Gruhn wrote:
>
> Could someone give me some pointers and/or point me to something I could
> read to get me going? I have the 5.3 audit RPMs, but can't seem to find
> the right pieces.
The port type is declared in "/policy/modules/kernel/corenetwork.te.in":
network_port(audit, tcp,60,s0)
The policy for how auditd interacts with this port is in
"/policy/modules/system/logging.te":
corenet_tcp_bind_audit_port(auditd_t)
corenet_sendrecv_audit_server_packets(auditd_t)
Both the corenetwork and logging policy are part of the base module.
One could create a custom module to make this work:
mkdir ~/myauditd; cd ~/myauditd;
echo "policy_module(myauditd, 0.0.1)" > myauditd.te;
echo "require { type auditd_t; }" >> myauditd.te;
echo "type audit_port_t;" >> myauditd.te;
echo "corenet_reserved_port(audit_port_t)" >> myauditd.te;
echo "allow auditd_t audit_port_t:tcp_socket { name_bind };" >> myauditd.te;
(sudo yum install selinux-policy-devel)
make -f /usr/share/selinux/devel/Makefile
sudo /usr/sbin/semodule -i myauditd.pp
sudo /usr/sbin/semanage port -a audit_port_t -p tcp 60
Disclaimer: this example may have errors or may be incomplete. Use it at
your own risk.
auditd_t probably needs more permissions to interact with audit_port_t
(connect, send/receive packets, etc.); however, one can use audit2allow to
"extend" the policy.
hth, Dominick
> Thanks,
>
> Dan
>
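As an added example (not part of the original post or of the policy sources it quotes), the snippet below does what the reply's audit2allow suggestion amounts to: it reads AVC denial records, aggregates them per (source type, target type, class), and renders the allow rules a module like myauditd.te would need. The audit records are constructed for illustration; only auditd_t, audit_port_t, tcp_socket and name_bind come from the post.

```python
import re
from collections import defaultdict

# Constructed sample audit.log excerpt (not from the original post): the kind of
# denials auditd_t would hit on audit_port_t before the custom module is extended.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1234567890.123:45): avc:  denied  { name_bind } for  pid=2048 comm="auditd" src=60 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audit_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1234567890.456:46): avc:  denied  { node_bind } for  pid=2048 comm="auditd" saddr=0.0.0.0 src=60 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket
type=AVC msg=audit(1234567890.789:47): avc:  denied  { send_msg recv_msg } for  pid=2048 comm="auditd" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audit_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1234567890.789:47): arch=c000003e syscall=49 success=no exit=-13
"""

# Pull the permission set, the type component of each context, and the class.
# Contexts are user:role:type:level; the level may carry MLS ranges (s0-s0:c0.c1023).
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'scontext=\S+?:\S+?:(?P<stype>\w+):\S+\s+'
    r'tcontext=\S+?:\S+?:(?P<ttype>\w+):\S+\s+'
    r'tclass=(?P<tclass>\w+)')


def parse_denials(log_text):
    """Return {(stype, ttype, tclass): set(perms)} aggregated over all AVC records."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no access vector
        rules[(m['stype'], m['ttype'], m['tclass'])].update(m['perms'].split())
    return dict(rules)


def to_allow_rules(rules):
    """Render aggregated denials as the allow rules a .te module would carry."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(perms))} }};"
            for (s, t, c), perms in sorted(rules.items())]


def required_types(rules, declared=()):
    """Types the module must list in its require block (minus ones it declares itself)."""
    types = {s for (s, _, _) in rules} | {t for (_, t, _) in rules}
    return sorted(types - set(declared))


if __name__ == "__main__":
    denials = parse_denials(SAMPLE_AUDIT_LOG)
    print("require { type " + "; type ".join(required_types(denials, declared=["audit_port_t"])) + "; }")
    print("\n".join(to_allow_rules(denials)))
```

Review each emitted rule against the actual need before loading it: aggregating every denial into allow rules is exactly how over-broad policy gets written, so drop anything that is not part of auditd listening on its port.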