I talked with the folks on the fedora-selinux-list and here is the
result of that discussion:
The text file (auditd.te) for the proper SELinux policy module is as
follows:
-----------
module auditd 0.0.3;
require {
class tcp_socket accept;
type auditd_t;
attribute reserved_port_type;
class tcp_socket { name_bind };
}
type audit_port_t;
typeattribute audit_port_t reserved_port_type;
allow auditd_t audit_port_t:tcp_socket { name_bind };
allow auditd_t self:tcp_socket accept;
---------------
Once you have the auditd.te file, you can compile it and check it for
any errors:
checkmodule -M -m -o auditd.mod auditd.te
If you have no errors, you can then package the .mod file:
semodule_package -o auditd.pp -m auditd.pp
After packaging, insert it into SELinux:
semodule -i auditd.pp
You should now be able to find the policy module using the
system-config-selinux GUI.
After all of that, the port can be enable under SELinux as per the RHEL
5.3 release notes:
semanage port -a -t audit_port_t -p tcp 60
My systems are now running clean. Thanks for the help.
Dan
Steve Grubb wrote:
On Thursday 12 February 2009 12:48:47 pm Dan Gruhn wrote:
> My system is a stand-alone in a secure environment so I can't just run a
> piece of software and get an update, and it is currently locked into 5.2
> as we're working to get it approved by various powers. Is there any way
> to get the SE Linux policy from the 5.3 update as a separate piece?
>
I was hoping Dan Walsh would answer...its possible, but I don't know if the
selinux people pull it with a bunch of other changes into the reference
policy or not. You might be able to just get the 5.3 policy and look for the
audit files and transplant them into 5.2 policy and diff against original 52
policy to make a patch. You might need to ask on the Fedora-selinux mail list
or the NSA selinux policy mail list if no one answers soon.
-Steve
--
Dan Gruhn
Group W Inc.
8315 Lee Hwy, Suite 303
Fairfax, VA, 22031
PH: (703) 752-5831
FX: (703) 752-5851