User file access auditing

Stephen Smalley sds at epoch.ncsc.mil
Fri Oct 22 19:23:30 UTC 2004


On Fri, 2004-10-22 at 15:18, Stephen Smalley wrote:
> Then, under /etc/security/selinux/src/policy, you can add your policy
> statements, something like the below rules, possibly as a
> domains/misc/local.te file to avoid conflicts with any future policy
> updates to the rest of the policy:
> # Define a type for files to be audited.
> type audited_file_t, file_type, sysadmfile;
> # Allow all user domains to create and modify these files.
> allow userdomain audited_file_t:dir create_dir_perms;
> allow userdomain audited_file_t:{ file lnk_file } create_file_perms;
> # Audit all accesses by user domains to these files.
> auditallow userdomain audited_file_t:{ dir file lnk_file } *;

I forgot to mention:  after adding this to your policy sources, you need
to compile the new policy and load it and then apply the type to the
desired directory tree, e.g.
	cd /etc/security/selinux/src/policy
	make load
	chcon -R -t audited_file_t <shared-directory>

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
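
Added example, not part of the original message: accesses matched by an auditallow rule like the one quoted above are logged by the kernel as "avc: granted" records, and this Python script summarizes which user domains touched audited_file_t objects and with which permissions. The log lines are constructed samples whose field layout is assumed to follow the kernel's avc message format, and parse_avc and audited_accesses are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the original post); the field layout is
# assumed to follow the kernel's "avc:" message format.
SAMPLE_LOG = """\
audit(1098472000.101:0): avc:  granted  { write } for  pid=2101 exe=/bin/bash name=plan.txt dev=hda2 ino=4711 scontext=user_u:user_r:user_t tcontext=user_u:object_r:audited_file_t tclass=file
audit(1098472003.220:0): avc:  granted  { read } for  pid=2150 exe=/bin/cat name=plan.txt dev=hda2 ino=4711 scontext=user_u:user_r:user_t tcontext=user_u:object_r:audited_file_t tclass=file
audit(1098472004.007:0): avc:  denied  { read } for  pid=2200 exe=/usr/sbin/httpd name=plan.txt dev=hda2 ino=4711 scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:audited_file_t tclass=file
audit(1098472009.880:0): avc:  granted  { add_name write } for  pid=2301 exe=/bin/mkdir name=drafts dev=hda2 ino=4700 scontext=staff_u:staff_r:staff_t tcontext=user_u:object_r:audited_file_t tclass=dir
audit(1098472010.002:0): avc:  granted  { read } for  pid=2302 exe=/bin/cat name=motd dev=hda2 ino=99 scontext=user_u:user_r:user_t tcontext=system_u:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+(granted|denied)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def parse_avc(line):
    """Return a dict for one avc record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs; values containing spaces are not handled here.
    fields = {k: v.strip('"') for k, v in (kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)}
    return {"result": m.group(1), "perms": m.group(2).split(), **fields}

def audited_accesses(log_text, audited_type="audited_file_t"):
    """Group granted accesses to audited_type by (source context, class, name)."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "granted":
            continue
        # Contexts are user:role:type; some formats append an MLS range, so
        # take the third field rather than the last.
        tctx = rec.get("tcontext", "").split(":")
        if len(tctx) < 3 or tctx[2] != audited_type:
            continue
        key = (rec.get("scontext", "?"), rec.get("tclass", "?"), rec.get("name", "?"))
        summary[key].update(rec["perms"])
    return {k: sorted(v) for k, v in summary.items()}

if __name__ == "__main__":
    for (sctx, tclass, name), perms in sorted(audited_accesses(SAMPLE_LOG).items()):
        print(f"{sctx} {tclass} {name}: {' '.join(perms)}")
```

Denied records and grants on other types are skipped, so the summary reflects only what the auditallow rule on audited_file_t reports.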



