On Tue, 4 May 2004 04:02, Valdis.Kletnieks(a)vt.edu wrote:
On Mon, 03 May 2004 02:45:39 +1000, Russell Coker said:
> On Wed, 28 Apr 2004 03:52, Valdis.Kletnieks(a)vt.edu wrote:
> > Has anybody already done a policy file for Tripwire or its
> > open-sourced replacement 'aide'?
> Why not run it in the domain backup_t? Tripwire and backup programs both
> need read access to all files..
Good hint - I'll have to chase that. Looks like it's almost but not quite
what I want - looks like a few lines of tweaking should suffice (I'm pretty
sure that can_network can be heaved over the side of the .te file, and I
need other directories labeled with backup_store_t in the .fc file).
However a tripwire program that sends md5 checksums over the wire could be
If there are standard locations for the tripwire database and binaries then
let me know and I'll add them to the policy.
My NSA Security Enhanced Linux packages
Bonnie++ hard drive benchmark
Postal SMTP/POP benchmark
My home page