I have couple of rma agents installed in my CentOS 6.5 hosts with Selinux enabled. These rma-agent is installed as requested by third party service provider.
Once in while rma-agent would stop working/not contactable by remote manager (?) and shifting through Selinux log i would find AVC errors such as these:
Yesterday we tested RMA on CentOS using Permissive and Enforcing Selinux modes but we cannot reproduce such errors in the log.
What kind of tests and actions performed by this agent?
Short of writing my own custom TE, is there a pre-made selinux policy file for rma-agent on linux?
No, and we never tried to make such file, will need to read manuals...
Hi Alex,
Thanks for replying.
There are some kind of a set of tests it runs and being polled remotely and periodically. To be honest, this agent is installed into my systems on the request of a 3rd party vendor for a service we subscribe and frankly i don't have much detail what it does.
No, and we never tried to make such file, will need to read manuals...
I was afraid you're going to say that. The vendor I'm working with has shown no real amount of interest to look into this avc or perhaps looking into this at a more leisurely pace.
I suppose I'll have to dig into audit logs and have a run with this. Time to go check up Dan Walsh excellent posts.