From: konrad.azzopardi@gmail.com (Konrad Azzopardi)
Date: Sun, 30 Nov 2008 17:17:49 +0100
Subject: [refpolicy] yule
In-Reply-To: <af1a12460811300631u3f6b7d07t388c9364c18d2a65@mail.gmail.com>
References: <af1a12460811300631u3f6b7d07t388c9364c18d2a65@mail.gmail.com>
Message-ID: <af1a12460811300817w677a1f97xe26ec78734324b63@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

I made some updates, namely added /var/lib/yule , since it seems to be
needed although directory is empty {probably used by extra modules}.

Tnx
Konrad

On Sun, Nov 30, 2008 at 3:31 PM, Konrad Azzopardi
<konrad.azzopardi@gmail.com> wrote:
> Dear all,
>
> I am confining a service called 'yule' , which is the central server
> for the file integrity checker SAMHAIN.
>
> Something about the server :
>
> Binary file is at /usr/local/sbin/yule
> Startup script is at /etc/rc.d/init.d/yule      --
> Config file : /etc/yulerc
> Logfiles /var/log/yule(/.*)?
> PID file is at /var/run/yule.pid
>
> It optionally uses mysql and I have put this as a boolean. I would
> appreciate if somebody review the files and give me some feedback to
> know if i am on the right track.
>
> I have only one question....When I issue a stop by  /etc/init.d/yule stop
> I get all sorts of avc denials, however the daemon still stops. From
> the avc denials and also via an strace it is evident that the stop
> script is somehow doing a search in all proc directory. What is the
> best thing to do here ? Allowing search to all types in /proc or make
> a dontaudit and in both cases is there a macro that captures all types
> inside /proc {don't think so}.
>
> Many thanks for your help
> Konrad
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.fc
Type: application/octet-stream
Size: 501 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/d20b20e5/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.if
Type: application/octet-stream
Size: 1612 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/d20b20e5/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.te
Type: application/octet-stream
Size: 2466 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/d20b20e5/attachment-0002.obj