ossec-agent selinux module #1193

Merged
merged 2 commits into from
Jul 25, 2017

@annmuor (Contributor) commented Jul 11, 2017

Hi!

I developed an SELinux module for the ossec agent default installation. It secures the application itself and adds four different permission sets:

  • read all logs for logcollector
  • read all files for syscheckd
  • send info all over the network for agent
  • do misc stuff for execd

It was tested on my own CentOS 7 with the default ossec installation.
I'd like to contribute it to the master ossec branch; I hope it will be useful for others.

@atomicturtle (Member)

Awesome, thanks for the PR. I know we had one selinux issue with regard to logrotate running on /var/ossec/logs/, had you run into that as well?

@annmuor (Contributor Author) commented Jul 12, 2017

As I marked ossec_log_t as logfile, it's accessible to the logrotate daemon.

Proof:

[root@server ~]# sesearch -A -s logrotate_t -t ossec_log_t
Found 5 semantic av rules:
allow logrotate_t logfile : file { ioctl read write create getattr setattr lock append unlink link rename execute execute_no_trans open } ;
allow logrotate_t logfile : dir { ioctl read write getattr lock add_name remove_name search open } ;
allow logrotate_t logfile : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;

By the way, please also include '878df6b679d717306a8936f4fa14dcbd0965b466' in the PR; I found a little bug that showed itself on server agent installation.

@atomicturtle (Member)

Aha, so we'd need to capture active-responses.log as well. I'll take a look at the other PR soon.

@annmuor (Contributor Author) commented Jul 12, 2017

The whole logs/ directory and everything inside it have the ossec_log_t context, so logrotate should be able to rotate it easily.

@atomicturtle (Member)

Fantastic, I'll take care of getting this into both master and backporting to the 2.9 branch. Thanks again for this PR! It will be in the next RPM update as well.

@atomicturtle atomicturtle merged commit 965ae7f into ossec:master Jul 25, 2017
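
An added example, not part of the pull request or of either participant's comments: a small checker that reads `sesearch -A` output like the rules posted in the thread and reports which permissions logrotate would still lack to rotate files of the queried type. The `NEEDED` permission set, the function names and the `READ_ONLY` sample are assumptions made for illustration; `POSTED` reuses the rule lines from the thread.

```python
import re

# Matches one "allow" line of sesearch -A output; permissions may be braced or single.
RULE_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;", re.M)

# Assumption: permissions a rename-and-create rotation needs, per object class.
NEEDED = {
    "file": {"create", "open", "write", "setattr", "rename", "unlink"},
    "dir": {"search", "write", "add_name", "remove_name"},
}

# Rule lines as posted in the thread (sesearch -A -s logrotate_t -t ossec_log_t).
POSTED = """\
Found 5 semantic av rules:
allow logrotate_t logfile : file { ioctl read write create getattr setattr lock append unlink link rename execute execute_no_trans open } ;
allow logrotate_t logfile : dir { ioctl read write getattr lock add_name remove_name search open } ;
allow logrotate_t logfile : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
"""

# Constructed counter-example: a type lacking the logfile attribute, matched only by read-only rules.
READ_ONLY = """\
Found 2 semantic av rules:
allow logrotate_t file_type : file getattr ;
allow logrotate_t file_type : dir { getattr search open } ;
"""


def granted(text, source):
    """Union of permissions per object class that `source` is allowed in the output."""
    perms = {}
    for src, _target, cls, braced, single in RULE_RE.findall(text):
        if src == source:
            perms.setdefault(cls, set()).update((braced or single).split())
    return perms


def missing_for_rotation(text, source="logrotate_t"):
    """Return {class: sorted missing perms}; an empty dict means rotation is allowed."""
    have = granted(text, source)
    gaps = {cls: sorted(need - have.get(cls, set())) for cls, need in NEEDED.items()}
    return {cls: miss for cls, miss in gaps.items() if miss}


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("read-only", READ_ONLY)):
        print(name, missing_for_rotation(text) or "rotation permitted")
```

The rules name the `logfile` attribute rather than `ossec_log_t` because `sesearch -t` resolves the type to the attributes it carries, so the checker merges permissions across all targets in the output.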