Has anybody already done a policy file for Tripwire or its
open-sourced replacement 'aide'?

Trying to run 'tripwire --check' from a cron job gets this:

    Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc: denied { write }
    for pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529
    scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:var_t tclass=dir

when trying to open the TEMPDIRECTORY directory:

    # ls -ld --context /var/tripwire/
    drwx------+ root root system_u:object_r:var_t /var/tripwire/

(The actual database files are here:)

    # ls --context /var/lib/tripwire
    -rw-------+ root root system_u:object_r:var_lib_t orange.cirt.vt.edu.twd
    -rw------- root root system_u:object_r:var_lib_t orange.cirt.vt.edu.twd.bak
    drwxr-xr-x+ root root system_u:object_r:var_lib_t report

It occurs to me that it would be simple but incorrect to just use setfilecon
to coerce the contexts into something that works, and that a separate
set of tripwire_t and/or aide_t contexts is probably desired. Having no wish
to reinvent the wheel, has anybody done this already?
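
Added example, not part of the original post: a small Python parser for the AVC denial format quoted above, which groups denials by which domain was refused which permission on which type and class. The function names `parse_avc` and `summarize` are hypothetical, and the sample line is the post's own denial joined onto one line.

```python
import re
from collections import defaultdict

# The denial quoted in the post, joined onto a single line (constructed sample input).
SAMPLE = (
    "Apr 27 04:03:37 orange kernel: audit(1083053017.355:0): avc: denied { write } "
    "for pid=14045 exe=/usr/sbin/tripwire name=tripwire dev=dm-5 ino=22529 "
    "scontext=system_u:system_r:system_crond_t "
    "tcontext=system_u:object_r:var_t tclass=dir"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")


def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs after "for"; values containing spaces are not handled here.
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    # A security context is user:role:type; the type is what policy rules refer to.
    for key, short in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(key, "").split(":")
        if len(parts) < 3:
            return None  # malformed or truncated context
        rec[short] = parts[2]
    return rec


def summarize(lines):
    """Group denials by (source type, target type, class)."""
    out = defaultdict(lambda: {"perms": set(), "exes": set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue  # not a denial, skip other syslog noise
        key = (rec["stype"], rec["ttype"], rec.get("tclass", "?"))
        out[key]["perms"].update(rec["perms"])
        out[key]["exes"].add(rec.get("exe", "?"))
    return dict(out)


if __name__ == "__main__":
    for (stype, ttype, tclass), info in summarize([SAMPLE]).items():
        print(stype, "->", ttype, tclass, sorted(info["perms"]), sorted(info["exes"]))
```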