| > $ sesearch -AT -s nut_upsmon_t -c file -p write,append | |
| Found 24 semantic av rules: | |
| allow daemon puppet_tmp_t : file { ioctl read write getattr lock append } ; | |
| allow nut_upsmon_t systemd_passwd_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow domain afs_cache_t : file { read write } ; | |
| allow nut_domain nut_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow domain tmpfile : file { ioctl read getattr lock append } ; | |
| allow daemon initrc_tmp_t : file { ioctl read write getattr lock append } ; | |
| allow daemon user_cron_spool_t : file { ioctl read write getattr lock append } ; | |
| allow domain abrt_var_cache_t : file { getattr append } ; | |
| allow daemon user_tmp_t : file { getattr append } ; | |
| allow nut_upsmon_t nut_upsmon_t : file { ioctl read write getattr lock append open } ; | |
| allow domain sosreport_tmp_t : file { ioctl getattr lock append open } ; | |
| allow daemon logfile : file { ioctl getattr lock append } ; | |
| allow daemon user_home_t : file { getattr append } ; | |
| allow domain rpm_tmp_t : file { getattr append } ; | |
| allow domain puppet_tmp_t : file { ioctl read write getattr lock append } ; | |
| allow nut_upsmon_t nut_upsmon_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow nut_upsmon_t etc_runtime_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow domain rkhunter_var_lib_t : file { ioctl getattr lock append open } ; | |
| allow nut_upsmon_t initrc_var_run_t : file { ioctl read write getattr lock append open } ; | |
| allow daemon cluster_var_lib_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow daemon cluster_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow daemon root_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow daemon cluster_conf_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; | |
| allow daemon cluster_tmp_t : file { ioctl read write getattr lock append } ; | |
| Found 3 semantic te rules: | |
| type_transition nut_upsmon_t etc_t : file etc_runtime_t; | |
| type_transition nut_upsmon_t tmpfs_t : file nut_upsmon_tmp_t; | |
| type_transition nut_upsmon_t tmp_t : file nut_upsmon_tmp_t; | |
| # AV rule of interest: allow daemon logfile : file { ioctl getattr lock append } ; -- nut_upsmon_t matches the daemon attribute (the sesearch -s nut_upsmon_t query above returns it), so it may append to any file type carrying the logfile attribute; that attribute is expanded below and one of its members, var_log_t, is then resolved to file-context paths | |
| > $ seinfo -xalogfile | |
| logfile | |
| osad_log_t | |
| initrc_var_log_t | |
| jockey_var_log_t | |
| ... | |
| var_log_t | |
| > $ sudo semanage fcontext -l | grep 'var_log_t' | |
| /nsr/logs(/.*)? all files system_u:object_r:var_log_t:s0 | |
| /opt/Symantec/scspagent/IDS/system(/.*)? all files system_u:object_r:var_log_t:s0 | |
| /opt/zimbra/log(/.*)? all files system_u:object_r:var_log_t:s0 | |
| /usr/centreon/log(/.*)? all files system_u:object_r:var_log_t:s0 | |
| /var/axfrdns/log/main(/.*)? all files system_u:object_r:var_log_t:s0 | |
| /var/dnscache/log/main(/.*)? all files system_u:object_r:var_log_t:s0 | |
| /var/log directory system_u:object_r:var_log_t:s0 | |
| /var/log/.* all files system_u:object_r:var_log_t:s0 | |
| ... | |