From: "Ed Street" <blacknet@simplyaquatics.com>
To: "'Shaun Savage'" <savages@pcez.com>,
	"'Ryan Bergauer'" <privateryan@mindspring.com>
Cc: <selinux@tycho.nsa.gov>
Subject: RE: tripwire
Date: Thu, 18 Jul 2002 19:33:36 -0400	[thread overview]
Message-ID: <004101c22eb3$89b37b60$0a01a8c0@ed> (raw)
In-Reply-To: <3D37341D.9030208@pcez.com>

Hello,

Stupid question.  If it just needs permission to read files then why is
it running as root?

Ed

=> -----Original Message-----
=> From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov] On Behalf Of Shaun Savage
=> Sent: Thursday, July 18, 2002 5:33 PM
=> To: Ryan Bergauer
=> Cc: selinux@tycho.nsa.gov
=> Subject: Re: tripwire
=> 
=> 
=> ***[07/18/2002 7:32:41 PM] PGP Signature Status: unknown
=> ***[07/18/2002 7:32:41 PM] Hash: SHA1
=> ***[07/18/2002 7:32:41 PM] Signer: Unknown
=> ***[07/18/2002 7:32:41 PM] Signer Key ID:0xEA73F975
=> ***[07/18/2002 7:32:41 PM] Signed: 07/18/2002 5:33:14 PM
=> ***[07/18/2002 7:32:41 PM] Verified: 07/18/2002 7:32:41 PM
=> ***[07/18/2002 7:32:41 PM] BEGIN PGP VERIFIED MESSAGE ***
=> 
=> When I created Tripwire TE rules I had to match the tripwire rules
=> with the SELinux rules.  I gave tripwire READ access to what is needed.
=> It is run as root, it does not need sysadm access because it does
=> not change the policies, tripwire just reads directories and files (data)
=> 
=> I reloaded my system and my archiver is down so I can't send you my
=> rules.
=> 
=> Shaun
=> 
=> 
=> 
=> Ryan Bergauer wrote:
=> 
=> |
=> | I just installed Tripwire on my SELinux play box. I have no problem
=> | doing an integrity check when I'm logged in as root and newroled into
=> | sysadm_r. However, the default system cron job for integrity checking
=> | fails miserably because system_crond_t isn't granted the permissions
=> | necessary to check and sign most files on my system (and with good
=> | reason.) My first thought was to create a domain just for Tripwire,
=> | but unfortunately, the fact that Tripwire needs access to just about
=> | every file type on the disk results in a domain that not only would
=> | take quite some time to create, but would also require a fair degree
=> | of maintenance. Creating a cron job run by a user also appears out of
=> | the question, since my sysadm has no root access, and root runs
=> | user_crond_t cron jobs by default (which I feel would be wise to keep
=> | that way.)
=> |
=> | Either I'm overlooking something (very likely) or I'm going to have to
=> | suck it up and write that Tripwire domain. Any suggestions? If the
=> | Tripwire domain is the answer, are there any good ways to give it a
=> | large number of privileges very quickly?
=> |
=> | Thanks in advance – you guys are a huge help! I appreciate you bearing
=> | with those of us still getting used to this…
=> |
=> | -Ryan
=> |
=> 
=> 
=> ***[07/18/2002 7:32:41 PM] END PGP VERIFIED MESSAGE ***
=> 
=> 
=> 
=> --
=> You have received this message because you are subscribed to the selinux list.
=> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
=> the words "unsubscribe selinux" without quotes as the message.


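The thread's answer to Ed's question is the least-privilege split Shaun describes: run tripwire as root (so DAC does not get in the way of reading everything) but in its own confined domain that can read every file type and write nothing except its own database. The TE fragment below is an added illustration of that design, not Shaun's rules or anything from the Tripwire project. It assumes the attributes `domain`, `file_type` and `exec_type` and the type `system_crond_t` from the SELinux example policy of that era; the types `tripwire_t`, `tripwire_exec_t`, `tripwire_etc_t` and `tripwire_var_lib_t` are hypothetical names chosen for the example.

```selinux
# Added example, not part of the original thread. A read-only tripwire
# domain entered from system_crond_t. Type names tripwire_* are assumed;
# domain, file_type, exec_type and system_crond_t are taken from the
# SELinux example policy of the period.

# The domain and the types it owns
type tripwire_t, domain;
type tripwire_exec_t, file_type, exec_type;
type tripwire_etc_t, file_type;        # tw.cfg, tw.pol, site/local keys
type tripwire_var_lib_t, file_type;    # database and reports

# Let the system cron daemon execute tripwire and transition it into
# tripwire_t, so the job no longer runs with system_crond_t's permissions.
allow system_crond_t tripwire_exec_t:file { read getattr execute };
allow system_crond_t tripwire_t:process transition;
allow tripwire_t tripwire_exec_t:file { read getattr execute entrypoint };
allow tripwire_t system_crond_t:fd use;
allow tripwire_t system_crond_t:process sigchld;
type_transition system_crond_t tripwire_exec_t:process tripwire_t;

# Why root but not sysadm_r: reading files owned by other users with
# restrictive modes needs a DAC override, and that is the only capability
# the domain gets. No sys_admin, no policy-loading permissions.
allow tripwire_t self:capability dac_read_search;

# Read-only view of the whole filesystem: every file type, no write perms.
# This is what makes the domain cheap to write: one attribute instead of
# enumerating every type on the disk.
allow tripwire_t file_type:dir { read search getattr };
allow tripwire_t file_type:file { read getattr };
allow tripwire_t file_type:lnk_file { read getattr };
allow tripwire_t file_type:{ chr_file blk_file sock_file fifo_file } getattr;

# The only place tripwire may write: its own database/report directory.
allow tripwire_t tripwire_var_lib_t:dir { read search getattr write add_name remove_name };
allow tripwire_t tripwire_var_lib_t:file { create read getattr write append unlink rename };

# Make the read-only intent enforceable at policy build time: any later
# rule that grants write access outside tripwire_var_lib_t fails compilation.
neverallow tripwire_t ~tripwire_var_lib_t:file { write append create unlink rename };
neverallow tripwire_t ~tripwire_var_lib_t:dir { write add_name remove_name };
```

The `neverallow` lines are the part worth keeping even if the rest is adapted: they turn "tripwire only reads" from a convention into a check the policy compiler runs. If the integrity check still fails in this domain, the AVC denials name exactly the class and permission that is missing, which is a much smaller list to review than a blanket grant. On later reference-policy systems the same read-everything grant is available through the `files_read_all_files()` interface rather than raw `file_type` rules.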


Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-07-18 21:02 tripwire Ryan Bergauer
2002-07-18 21:33 ` tripwire Shaun Savage
2002-07-18 23:33   ` Ed Street [this message]
2002-07-22 11:45 ` tripwire Stephen Smalley
