Hi,
I can run rkhunter as root with role sysadm_r and there are no issues,
but when I run it from a cron job I get lots of AVCs because the source
context is system_cronjob_t. I am using vixie-cron and running rkhunter
from a crontab in /etc/cron.d/.
I can see 2 options for fixing this:
1)
On Fri, Nov 25, 2016 at 10:16:24AM +, Robert Sharp wrote:
> Hi,
>
> I can run rkhunter as root with role sysadm_r and there are no issues,
> but when I run it from a cron job I get lots of AVCs because the source
> context is system_cronjob_t. I am using vixie-cron and running rkhunter
> fr
On 25/11/16 11:51, Jason Zaman wrote:
Ideally, rkhunter should just have a policy.
It would need something like: cron_system_entry(rkhunter_t, rkhunter_exec_t)
If you wanted to write one, basing it off the aide policy would probably
help.
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/tree
On Thu, 24 Nov 2016 15:29:54 +
Robert Sharp wrote:
> [snip]
> If so, is there a way to avoid listing all the policy packages
> in my accept_keywords file?
>
Yes, there is. You can use globs in package.accept_keywords; for
example "sec-policy/*"
Regards,
Luis