
Policy file for 'aide' and/or 'tripwire'?

Has anybody already done a policy file for Tripwire or its
open-sourced replacement 'aide'?

Trying to run 'tripwire --check' from a cron job gets this:

Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc:  denied  { write }
for  pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529
scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_t tclass=dir

when trying to open the TEMPDIRECTORY directory:

#  ls -ld --context /var/tripwire/
drwx------+ root     root     system_u:object_r:var_t          /var/tripwire/

(The actual database files are here:)

# ls --context /var/lib/tripwire
-rw-------+ root     root     system_u:object_r:var_lib_t      orange.cirt.vt.edu.twd
-rw-------  root     root     system_u:object_r:var_lib_t      orange.cirt.vt.edu.twd.bak
drwxr-xr-x+ root     root     system_u:object_r:var_lib_t      report

It occurs to me that it would be simple but incorrect to just use setfilecon
to coerce the contexts into something that works, and that a separate
set of tripwire_t and/or aide_t contexts is probably desired.  Having no wish
to reinvent the wheel, has anybody done this already?

Attachment: pgp00037.pgp
Description: PGP signature
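
Added example, not part of the original message: a small Python parser for AVC records in the format quoted above, grouping denials by source type, target type and class so it is visible which domain the program ran in and which label it touched. The function names and the `GENERIC_TARGETS` set are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The denial quoted in the message, rejoined onto one line.
SAMPLE_LOG = (
    "Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc:  denied  { write } "
    "for  pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529 "
    "scontext=system_u:system_r:system_crond_t "
    "tcontext=system_u:object_r:var_t tclass=dir\n"
)

# Assumption for this example: types treated as too generic to grant on.
GENERIC_TARGETS = {"var_t", "var_lib_t"}

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def parse_avc(line):
    """Parse one AVC record into a dict; return None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    rec = {"result": m.group(1), "perms": m.group(2).split(), **fields}
    # A context is user:role:type, optionally followed by an MLS range.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def summarize(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            key = (rec["scontext_type"], rec["tcontext_type"], rec.get("tclass"))
            grouped[key].update(rec["perms"])
    return dict(grouped)

def generic_target_denials(summary):
    """Return the keys whose target is a generic type, where a blanket allow
    rule would cover far more than the program's own files."""
    return sorted(k for k in summary if k[1] in GENERIC_TARGETS)

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("generic targets:", generic_target_denials(summarize(SAMPLE_LOG)))
```

For the quoted record this reports `system_crond_t -> var_t:dir { write }`: the check ran in the cron domain and the temporary directory carries the generic `var_t` label.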
