HOWTO Logging tcp binding on permissive mode

Dominick Grift domg472 at gmail.com
Mon Jan 24 12:17:39 UTC 2011


On Mon, Jan 24, 2011 at 09:49:01AM +0100, François Chenais wrote:
> Hello,
> 
> 
> I would like to log process binding on tcp ports > 1023.

something like this may work:

mkdir mytest; cd mytest
cat > mytest.te <<'EOF'
policy_module(mytest, 1.0.0)

gen_require(`
	attribute domain, userdomain, port_type;
')

auditallow { userdomain domain } port_type:tcp_socket name_bind;
EOF
make -f /usr/share/selinux/devel/Makefile mytest.pp
sudo semodule -i mytest.pp

Then any attempts to bind tcp_sockets to port_type ports by domain as well as userdomain will be logged in /var/log/audit/audit.log.

You may, or may not, be able to do similar things by using the audit suite instead (man auditctl).

> 
>   "On YYYY/MM/DD  hh:mm:ss, which account ran the process X listening on
> port aaaa"
> 
> Is there any way to do this with SELinux on permissive mode?
> 
>    - using system policy?
>    - creating a new policy?
>    - ... ?
> 
> Thanks a lot in advance!
> 
>         François

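The auditallow rule above makes the kernel write an AVC record with "avc:  granted  { name_bind }" for every bind, in permissive mode as well as enforcing, since the access is granted either way. The AVC record itself carries the pid, comm, port (src=) and contexts, but the account comes from the SYSCALL record that shares the same msg=audit(<epoch>:<serial>) event id. The script below is an added example, not code from this thread or from the Fedora policy: it groups records by event id, keeps granted tcp_socket name_bind events on ports >= 1024, and joins them with auid/uid/exe from the SYSCALL record to produce the "On date, account X ran process Y listening on port Z" line asked for. The audit lines it runs on are constructed for the example; the field layout follows the Linux audit format, and the record joining is what ausearch does for you when you search on the AVC type.

```python
"""Correlate 'avc:  granted { name_bind }' AVC records with their SYSCALL records.

Added example (not from the mailing-list post). Assumes the standard Linux audit
log layout: one event = several records sharing msg=audit(<epoch>.<ms>:<serial>).
The sample log below is constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

HEADER_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC_RE = re.compile(r"avc:\s+(?P<verdict>granted|denied)\s+\{\s*(?P<perms>[^}]+?)\s*\}")
AUID_UNSET = 4294967295  # (unsigned)-1: no login session, e.g. a daemon started by init

# Constructed sample: two granted binds on high ports by two accounts, one unrelated
# denial, and one granted bind on port 80 by a daemon (filtered out by default).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1295871459.123:1001): avc:  granted  { name_bind } for  pid=2345 comm="python" src=8080 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1295871459.123:1001): arch=c000003e syscall=49 success=yes exit=0 a0=3 a1=7fff1234 a2=10 a3=0 items=0 ppid=2300 pid=2345 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=4 comm="python" exe="/usr/bin/python" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1295871470.500:1002): avc:  denied  { read } for  pid=2400 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1295871470.500:1002): arch=c000003e syscall=2 success=no exit=-13 a0=7fff5678 a1=0 a2=1b6 a3=0 items=1 ppid=1 pid=2400 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1295871480.000:1003): avc:  granted  { name_bind } for  pid=2500 comm="nc" src=31337 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1295871480.000:1003): arch=c000003e syscall=49 success=yes exit=0 a0=3 a1=7fff9abc a2=10 a3=0 items=0 ppid=2450 pid=2500 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=5 comm="nc" exe="/usr/bin/nc" subj=staff_u:staff_r:staff_t:s0 key=(null)
type=AVC msg=audit(1295871490.000:1004): avc:  granted  { name_bind } for  pid=2600 comm="httpd" src=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1295871490.000:1004): arch=c000003e syscall=49 success=yes exit=0 a0=3 a1=7fffdef0 a2=10 a3=0 items=0 ppid=1 pid=2600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
"""


def parse_fields(body):
    """Turn 'k=v k="v v"' into a dict, stripping the quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(body)}


def group_events(log_text):
    """Group records by event serial; keep AVC verdict/perms and the SYSCALL fields."""
    events = defaultdict(lambda: {"ts": None, "AVC": [], "SYSCALL": None})
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue
        ev = events[m["serial"]]
        ev["ts"] = float(m["ts"])
        if m["type"] == "AVC":
            avc = AVC_RE.search(m["body"])
            if not avc:
                continue
            rec = parse_fields(m["body"])
            rec["verdict"] = avc["verdict"]
            rec["perms"] = set(avc["perms"].split())
            ev["AVC"].append(rec)
        elif m["type"] == "SYSCALL":
            ev["SYSCALL"] = parse_fields(m["body"])
    return events


def tcp_bind_events(log_text, min_port=1024):
    """One record per granted tcp_socket name_bind on port >= min_port, joined with
    the account (auid = login uid, uid = effective) and exe from the SYSCALL record."""
    out = []
    for serial, ev in sorted(group_events(log_text).items(), key=lambda kv: int(kv[0])):
        sc = ev["SYSCALL"] or {}
        for avc in ev["AVC"]:
            if avc["verdict"] != "granted" or "name_bind" not in avc["perms"]:
                continue
            if avc.get("tclass") != "tcp_socket":
                continue
            port = int(avc["src"])  # for name_bind the kernel reports the port as src=
            if port < min_port:
                continue
            auid = int(sc.get("auid", AUID_UNSET))
            tcontext = avc.get("tcontext", "")
            out.append({
                "time": datetime.fromtimestamp(ev["ts"], tz=timezone.utc).strftime("%Y/%m/%d %H:%M:%S"),
                "serial": int(serial),
                "auid": None if auid == AUID_UNSET else auid,
                "uid": int(sc["uid"]) if "uid" in sc else None,
                "comm": avc.get("comm"),
                "exe": sc.get("exe"),
                "pid": int(avc["pid"]),
                "port": port,
                "scontext": avc.get("scontext"),
                "port_type": tcontext.split(":")[2] if tcontext.count(":") >= 2 else None,
            })
    return out


def format_report(events):
    """Render each joined event as the one-line answer the question asks for."""
    lines = []
    for e in events:
        who = "auid=%s uid=%s" % ("unset" if e["auid"] is None else e["auid"], e["uid"])
        lines.append("On %s UTC, %s ran %s (%s, pid %d) listening on tcp port %d (%s)" % (
            e["time"], who, e["comm"], e["exe"], e["pid"], e["port"], e["port_type"]))
    return lines


if __name__ == "__main__":
    for line in format_report(tcp_bind_events(SAMPLE_AUDIT_LOG)):
        print(line)
```

An auid of 4294967295 means no login session (the process descends from init rather than from a login), which is why the report prints "unset" for the daemon's bind; uid still tells you which account it ran as.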
