- policy_module(sshguard, 0.1.6)  # SELinux policy module sshguard, version 0.1.6: confines the daemon in sshguard_t
- ########################################
- #
- # Declarations
- #
- attribute_role sshguard_roles;  # role attribute; roles carrying it may run sshguard_t (see the role statement below)
- type sshguard_t;  # process domain
- type sshguard_exec_t;  # label for the daemon executable
- init_daemon_domain(sshguard_t, sshguard_exec_t)  # init-started execution of sshguard_exec_t enters sshguard_t
- role sshguard_roles types sshguard_t;
- type sshguard_etc_t;
- files_config_file(sshguard_etc_t)  # configuration file type
- type sshguard_initrc_exec_t;
- init_script_file(sshguard_initrc_exec_t)  # init script type
- type sshguard_var_run_t;
- files_pid_file(sshguard_var_run_t)  # pid file type
- ########################################
- #
- # Local policy
- #
- allow sshguard_t self:fifo_file { getattr read write };  # pipes owned by the domain itself
- allow sshguard_t self:netlink_route_socket { bind create getattr nlmsg_read read write };  # nlmsg_read only: routing data can be queried, nlmsg_write is not granted
- allow sshguard_t self:udp_socket { connect create getattr read write };
- manage_files_pattern(sshguard_t, sshguard_var_run_t, sshguard_var_run_t)  # full management of its own pid files
- files_pid_filetrans(sshguard_t, sshguard_var_run_t, file)  # files the domain creates in the pid directory get sshguard_var_run_t
- read_files_pattern(sshguard_t, sshguard_etc_t, sshguard_etc_t)  # configuration is read-only for the daemon
- iptables_domtrans(sshguard_t)  # running iptables transitions to iptables_t; NOTE(review): code running in sshguard_t can therefore drive firewall changes through that domain
- logging_send_syslog_msg(sshguard_t)
- logging_read_all_logs(sshguard_t)  # read access to every log type, not one file; NOTE(review): broader than a single auth log, confirm the full set is needed
- corecmd_exec_shell(sshguard_t)  # shell runs without a domain transition, so it stays in sshguard_t
- corecmd_exec_bin(sshguard_t)  # same for generic binaries; NOTE(review): together with the shell grant this widens what the domain can run, confirm both are required
- miscfiles_read_localization(sshguard_t)
- auth_use_nsswitch(sshguard_t)  # name service lookups
- sysnet_read_config(sshguard_t)  # network configuration files
- gen_require(`
- type iptables_t;
- ')
- logging_read_all_logs(iptables_t)  # NOTE(review): grants a domain this module does not declare read access to all logs; the rule applies to every iptables_t process, not only those started by sshguard. The reason is not stated here; confirm it is needed and whether a narrower rule would do