| 1 |
Hi, |
| 2 |
|
| 3 |
I can run rkhunter as root with role sysadm_r and there are no issues, |
| 4 |
but when I run it from a cron job I get lots of AVCs because the source |
| 5 |
context is system_cronjob_t. I am using vixie-cron and running rkhunter |
| 6 |
from a crontab in /etc/cron.d/. |
| 7 |
|
| 8 |
I can see 2 options for fixing this: |
| 9 |
|
| 10 |
1) set the label on the crontab to be the same as when I run rkhunter |
| 11 |
with no AVCs (sysadm_r). Not sure if this happens with a system crontab. |
| 12 |
I would need to set the boolean cron_userdomain_transition to true, and |
| 13 |
it would end up with a crontab file having a different label to that |
| 14 |
specified by the policy. |
| 15 |
|
| 16 |
2) create an intermediate script that I run from the crontab, that |
| 17 |
itself runs rkhunter and effects a transition to the sysadm_t context |
| 18 |
before doing so. I would need to write a short policy to do this and |
| 19 |
allow system_cronjob_t to make the transition. This looks like the |
| 20 |
better route to go. |
| 21 |
|
| 22 |
Does anyone have any views about the best way to proceed or whether to |
| 23 |
do this at all? |
| 24 |
|
| 25 |
Thanks |
| 26 |
|
| 27 |
Robert Sharp |
Archives