On 25/11/16 11:51, Jason Zaman wrote:
> Ideally, rkhunter should just have a policy. It would need something like:
>
> cron_system_entry(rkhunter_t, rkhunter_exec_t)
>
> If you wanted to write one, basing it off the aide policy would probably help.
> https://gitweb.gentoo.org/proj/hardened-refpolicy.git/tree/policy/modules/contrib/aide.te
>
> It's quite a simple policy, it pretty much just needs to read everything on disk.

Well, I want to learn more about SELinux so writing and testing a "proper" policy sounds like an idea. I will give it a go.
Robert
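
As an added illustration of the suggestion in this thread (not code from the thread or from refpolicy), here is a starting skeleton for an rkhunter module. The log and database type names, the module version and the set of access rules are assumptions, to be refined against AVC denials while the domain runs in permissive mode.

```selinux
# rkhunter.te -- hypothetical skeleton, not a module shipped by refpolicy
policy_module(rkhunter, 1.0.0)

# Domain and entrypoint types (names as used in the thread)
type rkhunter_t;
type rkhunter_exec_t;
application_domain(rkhunter_t, rkhunter_exec_t)

# Let system cron jobs transition into rkhunter_t (the line from the thread)
cron_system_entry(rkhunter_t, rkhunter_exec_t)

# Assumed: private types so rkhunter writes only to its own log and database
type rkhunter_log_t;
logging_log_file(rkhunter_log_t)

type rkhunter_var_lib_t;
files_type(rkhunter_var_lib_t)

manage_files_pattern(rkhunter_t, rkhunter_log_t, rkhunter_log_t)
logging_log_filetrans(rkhunter_t, rkhunter_log_t, file)

manage_dirs_pattern(rkhunter_t, rkhunter_var_lib_t, rkhunter_var_lib_t)
manage_files_pattern(rkhunter_t, rkhunter_var_lib_t, rkhunter_var_lib_t)

# "Read everything on disk", per the thread: read access only, no write
files_read_all_files(rkhunter_t)
files_read_all_symlinks(rkhunter_t)
kernel_read_system_state(rkhunter_t)

# Assumed: rkhunter is a shell script that executes other system utilities
corecmd_exec_bin(rkhunter_t)
corecmd_exec_shell(rkhunter_t)

# A matching rkhunter.fc (paths are assumptions for your install) must label
# the script rkhunter_exec_t, its log rkhunter_log_t and its database
# directory rkhunter_var_lib_t before the cron transition takes effect.
```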