Hi,
I can run rkhunter as root with role sysadm_r and there are no issues,
but when I run it from a cron job I get lots of AVCs because the source
context is system_cronjob_t. I am using vixie-cron and running rkhunter
from a crontab in /etc/cron.d/.
I can see 2 options for fixing this:
1) set the label on the crontab to be the same as when I run rkhunter
with no AVCs (sysadm_r). Not sure if this happens with a system crontab.
I would need to set the boolean cron_userdomain_transition to true, and
it would end up with a crontab file having a different label to that
specified by the policy.
2) create an intermediate script that I run from the crontab, that
itself runs rkhunter and effects a transition to the sysadm_t context
before doing so. I would need to write a short policy to do this and
allow system_cronjob_t to make the transition. This looks like the
better route to go.
Does anyone have any views about the best way to proceed or whether to
do this at all?
Thanks
Robert Sharp
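
The policy that option 2 calls for could look like the module below. It is an added example, not part of the original post and not taken from any distribution's policy. It assumes a reference-policy-based system where cron.d jobs run as system_u:system_r:system_cronjob_t; the type name rkhunter_cron_exec_t and the wrapper path /usr/local/sbin/rkhunter-cron are hypothetical.

```selinux
# rkhunter_cron.te (hypothetical module name)
# Build and load:
#   checkmodule -M -m -o rkhunter_cron.mod rkhunter_cron.te
#   semodule_package -o rkhunter_cron.pp -m rkhunter_cron.mod
#   semodule -i rkhunter_cron.pp
# Label the wrapper script (hypothetical path):
#   semanage fcontext -a -t rkhunter_cron_exec_t '/usr/local/sbin/rkhunter-cron'
#   restorecon -v /usr/local/sbin/rkhunter-cron
module rkhunter_cron 1.0;

require {
	type system_cronjob_t;
	type sysadm_t;
	role system_r;
	attribute file_type;
	attribute exec_type;
	class file { getattr open read execute ioctl entrypoint };
	class process { transition sigchld };
	class fd use;
	class fifo_file { getattr read write append ioctl lock };
}

# Dedicated label for the wrapper, so only this one file triggers the transition.
type rkhunter_cron_exec_t;
typeattribute rkhunter_cron_exec_t file_type, exec_type;

# The cron job may execute the wrapper and transition to sysadm_t.
allow system_cronjob_t rkhunter_cron_exec_t:file { getattr open read execute };
allow system_cronjob_t sysadm_t:process transition;

# sysadm_t may be entered through the wrapper, and its interpreter may read it.
allow sysadm_t rkhunter_cron_exec_t:file { entrypoint getattr open read execute ioctl };

# Make the transition automatic when system_cronjob_t runs the wrapper.
type_transition system_cronjob_t rkhunter_cron_exec_t:process sysadm_t;

# The job keeps role system_r, so that role must be authorised for sysadm_t.
role system_r types sysadm_t;

# Plumbing back to the parent: inherited descriptors, output pipes, exit signal.
allow sysadm_t system_cronjob_t:fd use;
allow sysadm_t system_cronjob_t:fifo_file { getattr read write append ioctl lock };
allow sysadm_t system_cronjob_t:process sigchld;
```

After loading, `sesearch -T -s system_cronjob_t -t rkhunter_cron_exec_t` should list the new type_transition rule, and any AVCs still logged for the cron run show what the wrapper needs beyond this module.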