swissmakers_gmbh/fail2ban-ui
12
1
Fork 0
mirror of https://github.com/swissmakers/fail2ban-ui.git synced 2026-04-11 13:47:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update of the fail2ban-curl-allow module to version 1.1 with additional permissions for accessing directories and files in etc_t, var_log_t, and var_run_t.

Browse Source
This commit is contained in:
cs
2025-08-26 21:40:13 +02:00
parent 16ca571636
commit ab7de2a6f1
1 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
deployment/fail2ban-curl-allow.te
View File

@@ -1,11 +1,23 @@
module fail2ban-curl-allow 1.0;
# deployment/fail2ban-curl-allow.te
module fail2ban-curl-allow 1.1;
require {
type fail2ban_t;
type http_cache_port_t;
class tcp_socket name_connect;
type fail2ban_t;
type http_cache_port_t;
type var_run_t;
type etc_t;
type var_log_t;
class tcp_socket name_connect;
class file { read write open execute };
class dir { search read };
}
#============= fail2ban_t ==============
allow fail2ban_t http_cache_port_t:tcp_socket name_connect;
# Zusätzliche benötigte Berechtigungen
allow fail2ban_t etc_t:file { read open };
allow fail2ban_t var_log_t:file { read open };
allow fail2ban_t var_run_t:file { read write open };
allow fail2ban_t var_run_t:dir search;
allow fail2ban_t etc_t:dir search;