public inbox for gentoo-hardened@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-hardened] Nagios...
@ 2011-11-03  0:28 Nico Baggus
  0 siblings, 0 replies; only message in thread
From: Nico Baggus @ 2011-11-03  0:28 UTC (permalink / raw
  To: gentoo-hardened

Nagios is not exactly installed, just nrpe is.
Several audit messages indicate that the checkdisk_plugin has problems,
from these reports the following settings are derived...


---8<---
module nagios_nb 1.0;

require {
        type devpts_t;
        type nagios_checkdisk_plugin_t;
        type usbfs_t;
        type boot_t;
        type default_t;
        type sysfs_t;
        type fusefs_t;
        type sysctl_fs_t;
        type samba_share_t;
        type var_t;
        type binfmt_misc_fs_t;
        class dir { getattr search };
}

#============= nagios_checkdisk_plugin_t ==============
allow nagios_checkdisk_plugin_t binfmt_misc_fs_t:dir getattr;
allow nagios_checkdisk_plugin_t boot_t:dir getattr;
allow nagios_checkdisk_plugin_t default_t:dir getattr;
allow nagios_checkdisk_plugin_t devpts_t:dir getattr;
allow nagios_checkdisk_plugin_t fusefs_t:dir getattr;
allow nagios_checkdisk_plugin_t samba_share_t:dir getattr;
allow nagios_checkdisk_plugin_t sysctl_fs_t:dir search;
allow nagios_checkdisk_plugin_t sysfs_t:dir { getattr search };
allow nagios_checkdisk_plugin_t usbfs_t:dir getattr;
allow nagios_checkdisk_plugin_t var_t:dir getattr;



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2011-11-03  0:29 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-03  0:28 [gentoo-hardened] Nagios Nico Baggus

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox