Policy for the kernel message logger and system logging daemon.
All of the rules required to administrate the logging environment
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
role |
User role allowed access. | No |
terminal |
User terminal type. | No |
All of the rules required to administrate the audit environment
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
role |
User role allowed access. | No |
terminal |
User terminal type. | No |
All of the rules required to administrate the syslog environment
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Append to all log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute audit server in the auditd domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The type of the process performing this action. | No |
Check if syslogd is executable.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create a domain for processes which can be started by the system audit dispatcher
Parameter: | Description: | Optional: |
---|---|---|
domain |
Type to be used as a domain. | No |
entry_point |
Type of the program to be used as an entry point to this domain. | No |
Execute auditctl in the auditctl domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute auditd in the auditd domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute a domain transition to run the audit dispatcher.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed to transition. | No |
Execute klogd in the klog domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute syslogd in the syslog domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to get the atttributes of any log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
dontaudit search of auditd configuration files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to search the var log directory.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain not to audit. | No |
dontaudit attempts to send audit messages.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Dontaudit Write generic log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute all log files in the caller domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
List the contents of the generic log directory (/var/log).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Make the specified type a file used for logs.
Parameter: | Description: | Optional: |
---|---|---|
file_type |
Type of the file to be used as a log. | No |
Create an object in the log directory, with a private type using a type transition.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
private type |
The type of the object to be created. | No |
object |
The object class of the object being created. | No |
Create, read, write, and delete all log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Manage the auditd configuration files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Manage the audit log.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete generic log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read all log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read the auditd configuration files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read the audit log.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read generic log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read syslog configuration files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute auditctl in the auditctl domain, and allow the specified role the auditctl domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
role |
The role to be allowed the auditctl domain. | No |
terminal |
The type of the terminal allow the auditctl domain to use. | No |
Execute auditd in the auditd domain, and allow the specified role the auditd domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
role |
The role to be allowed the auditd domain. | No |
terminal |
The type of the terminal allow the auditd domain to use. | No |
read/write to all log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write the generic log directory (/var/log).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write generic log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Allows the domain to open a file in the log directory, but does not allow the listing of the contents of the log directory.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Send audit messages.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Send system log messages.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Set up audit
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Set login uid
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Signal the audit dispatcher.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed to transition. | No |
Connect to auditdstored over an unix stream socket.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Connect to the audit dispatcher over an unix stream socket.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute syslog server in the syslogd domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The type of the process performing this action. | No |
Write generic log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |