1 |
This one is done from scratch... |
2 |
|
3 |
Attached is a policy for snortsnarf, a nice html page generator for snort |
4 |
logs. Currently all the permissions are assigned in the snortsnarf.te. I am |
5 |
not sure how convention should go, perhaps it's is cleaner to have |
6 |
snortsnarf.te merely create the type, and then in snort have |
7 |
|
8 |
ifdef(`snortsnarf.te', ` |
9 |
allow ..... |
10 |
allow .... |
11 |
.... |
12 |
'); |
13 |
|
14 |
It can be easily changed around, but atleast in it's current state provides |
15 |
functionality. |
16 |
|
17 |
Besides the files given, the following line should be placed in |
18 |
macros/admin_macros.te: (I will make proper patchs someday soon): |
19 |
|
20 |
ifdef(`snortsnarf.te', `snortsnarf_domain($1)'); |
21 |
|
22 |
A suitable location for the line is below: |
23 |
|
24 |
ifdef(`su.te', `su_domain($1)') |
25 |
|
26 |
|
27 |
As always, testing and comments are much appreaciated. |
28 |
|
29 |
-Robert |