| 1 |
This one is done from scratch... |
| 2 |
|
| 3 |
Attached is a policy for snortsnarf, a nice html page generator for snort |
| 4 |
logs. Currently all the permissions are assigned in the snortsnarf.te. I am |
| 5 |
not sure how convention should go, perhaps it's is cleaner to have |
| 6 |
snortsnarf.te merely create the type, and then in snort have |
| 7 |
|
| 8 |
ifdef(`snortsnarf.te', ` |
| 9 |
allow ..... |
| 10 |
allow .... |
| 11 |
.... |
| 12 |
'); |
| 13 |
|
| 14 |
It can be easily changed around, but atleast in it's current state provides |
| 15 |
functionality. |
| 16 |
|
| 17 |
Besides the files given, the following line should be placed in |
| 18 |
macros/admin_macros.te: (I will make proper patchs someday soon): |
| 19 |
|
| 20 |
ifdef(`snortsnarf.te', `snortsnarf_domain($1)'); |
| 21 |
|
| 22 |
A suitable location for the line is below: |
| 23 |
|
| 24 |
ifdef(`su.te', `su_domain($1)') |
| 25 |
|
| 26 |
|
| 27 |
As always, testing and comments are much appreaciated. |
| 28 |
|
| 29 |
-Robert |
Archives