Hi,

I can run rkhunter as root with role sysadm_r and there are no issues,
but when I run it from a cron job I get lots of AVCs because the source
context is system_cronjob_t. I am using vixie-cron and running rkhunter
from a crontab in /etc/cron.d/.

I can see 2 options for fixing this:

1) set the label on the crontab to be the same as when I run rkhunter
with no AVCs (sysadm_r). Not sure if this happens with a system crontab.
I would need to set the boolean cron_userdomain_transition to true, and
it would end up with a crontab file having a different label to that
specified by the policy.

2) create an intermediate script that I run from the crontab, that
itself runs rkhunter and effects a transition to the sysadm_t context
before doing so. I would need to write a short policy to do this and
allow system_cronjob_t to make the transition. This looks like the
better route to go.

Does anyone have any views about the best way to proceed or whether to
do this at all?

Thanks

Robert Sharp
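Editor's note: the following is an added illustration of the kind of "short policy" option 2 refers to; it is not the poster's code and nothing on the list confirms these exact rules. It assumes a reference-policy based system (the policy_module(), files_type() and cron_system_entry() interfaces are refpolicy's), a wrapper script at the hypothetical path /usr/local/sbin/rkhunter-cron, and a hypothetical file type rkhunter_cron_exec_t for that script. cron_system_entry() is the refpolicy interface that grants system_cronjob_t a domain transition to the named domain through the named entrypoint, which is exactly the allow rule the post says would be needed.

```selinux
# rkhunter_cron.te  (added example, not part of the original post)
policy_module(rkhunter_cron, 1.0)

require {
    # system cron job domain (source of the AVCs in the post)
    type system_cronjob_t;
    # target domain the wrapper should run rkhunter in
    type sysadm_t;
}

# Hypothetical entrypoint type for the wrapper script that the
# /etc/cron.d job executes. Labelling only the wrapper keeps the
# transition confined to that one executable rather than to every
# program system_cronjob_t might run.
type rkhunter_cron_exec_t;
files_type(rkhunter_cron_exec_t)

# Allow jobs started by the system crond to transition to sysadm_t when
# they exec a file labelled rkhunter_cron_exec_t. The interface also
# marks rkhunter_cron_exec_t as an entrypoint for sysadm_t and lets the
# new domain use crond's inherited fds and pipes.
cron_system_entry(sysadm_t, rkhunter_cron_exec_t)

# --- rkhunter_cron.fc (same module; hypothetical wrapper path) -------
# /usr/local/sbin/rkhunter-cron  --  gen_context(system_u:object_r:rkhunter_cron_exec_t,s0)
```

The .fc line shown in the trailing comment belongs in a separate rkhunter_cron.fc file next to the .te. After building the module with the refpolicy development Makefile and loading it with semodule -i, running restorecon on the wrapper applies the new label; the cron entry in /etc/cron.d/ then invokes the wrapper instead of rkhunter directly. Worth checking afterwards that rkhunter's own execution from sysadm_t still produces no AVCs, since the job now runs under system_r rather than sysadm_r and any role-specific rules would show up in the audit log.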