rpms / selinux-policy

Clone
Source Code
GIT

Files

  1.   c1262146e0bcbc555a11af3da38eb3a442e75f5b
  2.   policy
  3.   modules
  4.   services
  5.   fail2ban.te
Blob Blame History Raw 

policy_module(fail2ban, 1.2.1)

########################################
#
# Declarations
#

type fail2ban_t;
type fail2ban_exec_t;
init_daemon_domain(fail2ban_t, fail2ban_exec_t)

type fail2ban_initrc_exec_t;
init_script_file(fail2ban_initrc_exec_t)

# log files
type fail2ban_log_t;
logging_log_file(fail2ban_log_t)

# pid files
type fail2ban_var_run_t;
files_pid_file(fail2ban_var_run_t)

########################################
#
# fail2ban local policy
#

allow fail2ban_t self:process signal;
allow fail2ban_t self:fifo_file rw_fifo_file_perms;
allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow fail2ban_t self:tcp_socket create_stream_socket_perms;

# log files
allow fail2ban_t fail2ban_log_t:dir setattr;
manage_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)

# pid file
manage_dirs_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { dir file sock_file })

kernel_read_system_state(fail2ban_t)

corecmd_exec_bin(fail2ban_t)
corecmd_exec_shell(fail2ban_t)

corenet_all_recvfrom_unlabeled(fail2ban_t)
corenet_all_recvfrom_netlabel(fail2ban_t)
corenet_tcp_sendrecv_generic_if(fail2ban_t)
corenet_tcp_sendrecv_generic_node(fail2ban_t)
corenet_tcp_sendrecv_all_ports(fail2ban_t)
corenet_tcp_connect_whois_port(fail2ban_t)
corenet_sendrecv_whois_client_packets(fail2ban_t)

dev_read_urand(fail2ban_t)

domain_use_interactive_fds(fail2ban_t)

files_read_etc_files(fail2ban_t)
files_read_etc_runtime_files(fail2ban_t)
files_read_usr_files(fail2ban_t)
files_list_var(fail2ban_t)
files_search_var_lib(fail2ban_t)

fs_list_inotifyfs(fail2ban_t)
fs_getattr_all_fs(fail2ban_t)

auth_use_nsswitch(fail2ban_t)

logging_read_all_logs(fail2ban_t)

miscfiles_read_localization(fail2ban_t)

mta_send_mail(fail2ban_t)

optional_policy(`
	apache_read_log(fail2ban_t)
')

optional_policy(`
	ftp_read_log(fail2ban_t)
')

optional_policy(`
	iptables_domtrans(fail2ban_t)
')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.