Zabbix monitoring RPM
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

35 lines
1.4KB

  1. module zabbix-server 1.4;
  2. require {
  3. type devlog_t;
  4. type zabbix_t;
  5. type ping_t;
  6. type syslogd_t;
  7. type sudo_exec_t;
  8. type zabbix_var_lib_t;
  9. type zabbix_var_run_t;
  10. class process { setrlimit setpgid };
  11. class capability { sys_resource audit_write };
  12. class file { execute read create ioctl execute_no_trans write getattr unlink open };
  13. class netlink_audit_socket { nlmsg_relay create };
  14. class sock_file { create write unlink };
  15. class unix_dgram_socket { create connect sendto };
  16. class dir { write remove_name add_name };
  17. class key write;
  18. class unix_stream_socket connectto;
  19. }
  20. allow ping_t zabbix_var_lib_t:file { read getattr };
  21. allow zabbix_t devlog_t:sock_file write;
  22. allow zabbix_t self:capability { sys_resource audit_write };
  23. allow zabbix_t self:netlink_audit_socket { nlmsg_relay create };
  24. allow zabbix_t self:process { setrlimit setpgid };
  25. allow zabbix_t self:unix_dgram_socket { create connect };
  26. allow zabbix_t self:key write;
  27. allow zabbix_t sudo_exec_t:file { read execute open execute_no_trans };
  28. allow zabbix_t syslogd_t:unix_dgram_socket sendto;
  29. allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };
  30. allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };
  31. allow zabbix_t self:unix_stream_socket connectto;
  32. allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };