X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fselinux%2Fossec_agent%2Fossec_agent.te;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fselinux%2Fossec_agent%2Fossec_agent.te;h=0000000000000000000000000000000000000000;hp=1b012ad6c3321c4884b0f99002a20855d92ea198;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hpb=3f728675941dc69d4e544d3a880a56240a6e394a
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/selinux/ossec_agent/ossec_agent.te b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/selinux/ossec_agent/ossec_agent.te
deleted file mode 100644
index 1b012ad..0000000
--- a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/selinux/ossec_agent/ossec_agent.te
+++ /dev/null
@@ -1,100 +0,0 @@
-policy_module(ossec_agent, 1.0.4)
-# selinux module for OSSEC (tm) agent
-# (C) Ivan Agarkov, 2017
-# exec file types
-type ossec_agent_exec_t;
-type ossec_exec_exec_t;
-type ossec_logcollector_exec_t;
-type ossec_syscheck_exec_t;
-type ossec_admin_exec_t;
-# data file types
-type ossec_log_t; # logs/
-type ossec_conf_t; # /etc
-type ossec_queue_t; # /queue
-type ossec_tmp_t; # /tmp
-type ossec_var_t; # /var
-# process attributes
-attribute ossec_process;
-# process types
-type ossec_agent_t, ossec_process;
-type ossec_exec_t, ossec_process;
-type ossec_logcollector_t, ossec_process;
-type ossec_syscheck_t, ossec_process;
-type ossec_admin_t;
-
-# types definitions
-init_daemon_domain(ossec_agent_t, ossec_agent_exec_t)
-init_daemon_domain(ossec_logcollector_t, ossec_logcollector_exec_t)
-init_daemon_domain(ossec_syscheck_t, ossec_syscheck_exec_t)
-init_daemon_domain(ossec_exec_t, ossec_exec_exec_t)
-application_domain(ossec_admin_t, ossec_admin_exec_t)
-
-files_type(ossec_queue_t)
-files_type(ossec_var_t)
-logging_log_file(ossec_log_t)
-files_config_file(ossec_conf_t)
-files_tmp_file(ossec_tmp_t)
-# type transition for all
-files_tmp_filetrans(ossec_process, ossec_tmp_t, {file dir lnk_file})
-filetrans_pattern(ossec_process, ossec_queue_t, ossec_queue_t, {file dir lnk_file sock_file})
-filetrans_pattern(ossec_process, ossec_var_t, ossec_var_t, {file dir lnk_file })
-filetrans_pattern(ossec_process, ossec_conf_t, ossec_conf_t, {file dir lnk_file })
-filetrans_pattern(ossec_process, ossec_tmp_t, ossec_tmp_t, {file dir lnk_file })
-# allow ossec agent to read & edit all
-read_files_pattern(ossec_process, ossec_conf_t, ossec_conf_t)
-admin_pattern(ossec_process, ossec_queue_t, ossec_queue_t)
-
-admin_pattern(ossec_process, ossec_log_t, ossec_log_t)
-admin_pattern(ossec_process, ossec_var_t, ossec_var_t)
-optional_policy(`
- gen_require(`
- type passwd_file_t, etc_t;
- ')
- read_files_pattern(ossec_process, etc_t, passwd_file_t)
-')
-allow ossec_process ossec_process:unix_dgram_socket all_unix_dgram_socket_perms;
-sysnet_dns_name_resolve(ossec_process)
-allow ossec_process self:capability { dac_override setgid setuid sys_chroot };
-# for agent
-admin_pattern(ossec_agent_t, ossec_conf_t, ossec_conf_t)
-admin_pattern(ossec_agent_t, ossec_tmp_t, ossec_tmp_t)
-
-# logcollector read all logs
-logging_read_all_logs(ossec_logcollector_t)
-logging_read_audit_log(ossec_logcollector_t)
-# syscheck read all file
-files_read_all_files(ossec_syscheck_t)
-allow ossec_syscheck_t self:process setsched;
-allow ossec_syscheck_t self:capability sys_nice;
-# admin policy
-admin_pattern(ossec_admin_t, ossec_conf_t, ossec_conf_t)
-admin_pattern(ossec_admin_t, ossec_queue_t, ossec_queue_t)
-admin_pattern(ossec_admin_t, ossec_var_t, ossec_var_t)
-# allow to kill
-allow ossec_admin_t ossec_process:process { signal sigkill ptrace sigstop getattr setrlimit noatsecure };
-# for different roles
-optional_policy(`
- gen_require(`
- type unconfined_t;
- role unconfined_r;
- ')
- role unconfined_r types ossec_admin_t;
- domtrans_pattern(unconfined_t, ossec_admin_exec_t, ossec_admin_t)
-')
-optional_policy(`
- gen_require(`
- type sysadm_t;
- role sysadm_r;
- ')
- role sysadm_r types ossec_admin_t;
- domtrans_pattern(sysadm_t, ossec_admin_exec_t, ossec_admin_t)
-')
-optional_policy(`
- gen_require(`
- type staff_t;
- role staff_r;
- ')
- role staff_r types ossec_admin_t;
- domtrans_pattern(staff_t, ossec_admin_exec_t, ossec_admin_t)
-')
-