diff options
Diffstat (limited to 'policy/modules/contrib/snort.if')
-rw-r--r-- | policy/modules/contrib/snort.if | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/policy/modules/contrib/snort.if b/policy/modules/contrib/snort.if deleted file mode 100644 index 7d86b3485..000000000 --- a/policy/modules/contrib/snort.if +++ /dev/null @@ -1,61 +0,0 @@ -## <summary>Snort network intrusion detection system.</summary> - -######################################## -## <summary> -## Execute a domain transition to run snort. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`snort_domtrans',` - gen_require(` - type snort_t, snort_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, snort_exec_t, snort_t) -') - -######################################## -## <summary> -## All of the rules required to -## administrate an snort environment. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`snort_admin',` - gen_require(` - type snort_t, snort_var_run_t, snort_log_t; - type snort_etc_t, snort_initrc_exec_t; - ') - - allow $1 snort_t:process { ptrace signal_perms }; - ps_process_pattern($1, snort_t) - - init_labeled_script_domtrans($1, snort_initrc_exec_t) - domain_system_change_exemption($1) - role_transition $2 snort_initrc_exec_t system_r; - allow $2 system_r; - - admin_pattern($1, snort_etc_t) - files_search_etc($1) - - admin_pattern($1, snort_log_t) - logging_search_logs($1) - - admin_pattern($1, snort_var_run_t) - files_search_pids($1) -') |