Bug 38142

Summary:

SELinux Pollicy files for Snort 2.0.6

Product:

Gentoo Security

Reporter:

Bill McCarty <bmccarty>

Component:

Vulnerabilities

Assignee:

Chris PeBenito (RETIRED) <pebenito>

Status:

RESOLVED TEST-REQUEST

Severity:

enhancement

Priority:

High

Version:

unspecified

Hardware:

All

OS:

All

Whiteboard:

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
Snort TE file	none
Snort FC file	none
SELinux TE file for Snort	none

Description Bill McCarty 2004-01-13 23:55:40 UTC

The NSA policy files for Snort specify an incorrect location for the Gentoo executable, and contain several omissions that prevent proper operation. These policy files resolve these problems. They have been tested with Snort 2.0.6 and can be reasonably expected to work with other releases of Snort.

Comment 1 Bill McCarty 2004-01-13 23:56:51 UTC

Created attachment 23783 [details]
Snort TE file

Comment 2 Bill McCarty 2004-01-13 23:57:23 UTC

Created attachment 23784 [details]
Snort FC file

Comment 3 Chris PeBenito (RETIRED) gentoo-dev

2004-01-14 12:17:36 UTC

Hmm, it looks like you could change the log_domain(snort) into a logdir_domain(snort), and then the extra logging lines you added at the bottom can be removed.  Would you test this to make sure?  Otherwise it looks good.

Comment 4 Bill McCarty 2004-01-14 13:17:18 UTC

Created attachment 23810 [details]
SELinux TE file for Snort

Revised to use logdir_domain(), eliminating need for two allows related to
logging.
Also revised to include permissions necessary for startup via run_init.

Comment 5 Chris PeBenito (RETIRED) gentoo-dev

2004-01-15 13:04:49 UTC

committed to policy cvs

Comment 6 Chris PeBenito (RETIRED) gentoo-dev

2004-01-16 12:07:16 UTC

committed to portage