2010-11-09 03:33:24

by harrytaurus2002

Subject: [refpolicy] Add support for the samhain program


Hi SELinux experts:

I have tried to add support for the samhain program, which is used to check filesystem integrity. Please help comment on the attached implementation of the samhain.pp, many thanks!

I have tested it on the samhain-2.5.5 package with the default configuration by the following commands, and samhain could detect changes as configured to be monitored in its configuration file (/etc/samhainrc):

(In sysadm_r role, install samhain.pp and update sysadm.pp)
1. Initialize database:
newrole -l s15:c0.c1023 -- -c "samhain -t init"

2. Check samhain daemon status:
run_init /etc/init.d/samhain status

3. Start samhain in daemon mode:
run_init /etc/init.d/samhain start
or,
newrole -l s15:c0.c1023 -- -c "samhain -t check -D"

4. Stop samhain daemon:
run_init /etc/init.d/samhain stop


Two more questions:
1. sysadm or secadm, which is the better choice to call samhain_admin() for? sysadm could manage /var/log/, /var/lib/ already but doesn't belong to the mlsfilewrite attribute, while secadm has the opposite abilities.

Or some other better solution?

2. Would the samhain_run_init_script() make sense if the samhain_admin() is called for secadm?

Thanks a lot!

Best regards,
Harry

Attachment: v0-Add-support-for-the-samhain-program.patch (text/x-patch, 10489 bytes)
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20101109/e6e1395d/attachment-0001.bin
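The attached patch is not in the archive, so the following is an added sketch (not Harry's samhain.pp) of how a refpolicy samhain.if could express the two interfaces the questions refer to. It assumes the type names samhain_t, samhain_initrc_exec_t, samhain_etc_t, samhain_log_t, samhain_var_lib_t and samhain_var_run_t are declared in samhain.te; the point is that samhain_admin() already carries the init-script role transition for whichever role ($2) it is called with, so a separate run-init interface only matters for callers that should not get the rest of the admin rules.

```selinux
## <summary>Samhain file integrity checker.</summary>

########################################
## <summary>
##	Execute the samhain init script in the init script domain.
## </summary>
## <param name="domain"><summary>Domain allowed to transition.</summary></param>
#
interface(`samhain_initrc_domtrans',`
	gen_require(`
		type samhain_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, samhain_initrc_exec_t)
')

########################################
## <summary>
##	All of the rules required to administrate a samhain environment.
## </summary>
## <param name="domain"><summary>Domain allowed access.</summary></param>
## <param name="role"><summary>Role allowed access.</summary></param>
#
interface(`samhain_admin',`
	gen_require(`
		type samhain_t, samhain_initrc_exec_t, samhain_etc_t;
		type samhain_log_t, samhain_var_lib_t, samhain_var_run_t;
	')

	# inspect and signal the daemon
	allow $1 samhain_t:process { ptrace signal_perms };
	ps_process_pattern($1, samhain_t)

	# run the init script (start/stop/status) from the caller's role
	samhain_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 samhain_initrc_exec_t system_r;
	allow $2 system_r;

	# manage the config, log, database and pid files
	files_search_etc($1)
	admin_pattern($1, samhain_etc_t)
	logging_search_logs($1)
	admin_pattern($1, samhain_log_t)
	files_search_var_lib($1)
	admin_pattern($1, samhain_var_lib_t)
	files_search_pids($1)
	admin_pattern($1, samhain_var_run_t)
')
```

Under MLS, admin_pattern() grants no cross-level write by itself; the database files created at s15:c0.c1023 stay reachable only for a caller whose level dominates them or who carries mlsfilewrite, which is exactly the sysadm/secadm trade-off the first question raises.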