Re: exclude rule help

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: exclude rule help
Date: Thu, 25 Jun 2009 20:22:38 -0400	[thread overview]
Message-ID: <200906252022.38719.sgrubb@redhat.com> (raw)
In-Reply-To: <1245967268.7681.8.camel@homeserver>

On Thursday 25 June 2009 06:01:08 pm LC Bruzenak wrote:
> Anyone have a good idea of how to discard all these events? Ideally the
> caller would send in a self-generated event such as "ryncing rick/src2/
> to /temp-home" or similar. This is for a dedicated file backup
> procedure.
>
> Obviously I do not want to discard all rsync events, just when launched
> by our trusted program. Nor would I really want all that program's
> events discarded since I want it to be able to submit proactive events
> which summarize its behavior.

With SE Linux, you can create different subject types based on how the 
application was started. Then you can exclude based on the type you assign to 
your subject whenever started by your trusted program.

-Steve

next prev parent reply	other threads:[~2009-06-26  0:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-06-25 22:01 exclude rule help LC Bruzenak
2009-06-26  0:22 ` Steve Grubb [this message]
2009-06-26  1:22   ` LC Bruzenak

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200906252022.38719.sgrubb@redhat.com \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox