3 Replies Latest reply on Mar 6, 2013 6:08 AM by vetterous

    Type Enforcement alarms

    vetterous

      Hello all!

       

      I'm trying to get a better understanding on type enforcement alarms. I found KB64314 Type Enforcement Violations (very helpful info), but a question I had after reading the KB, is there a list of domains somewhere?

       

      I think I understand:

       

      user domain = non srole

      Admin = srole

      RolA = rollaudit

      audt = audit

       

      But I have seen other domains listed in TE alarms that I don't understand (CCro). Is there any place I could find all the listed domains? Any information on reading type enforcement alarms would be very welcome! Thank you for your time.

        • 1. Re: Type Enforcement alarms

          Hello,

           

          I am not aware of a list of all possible domains. This is probably due to the fact that _most_ of the time, you do not need to know the TE of a file or process, expect of course when something goes wrong. Most KB articles that require you to change the TE also give you the appropriate domains. If you have a file that has the wrong TE, sometimes it helps to look at the same file on another firewall to see what the domain is on that firewall. Finally, the TE database that references all domains is hidden to everyone, as being able to view/change this would defeat the purpose of TE

           

          CCro appears to me to be a Control Center domain that is read only. Also, the domain portion is going to be 4 digits, so "user domian"=User, Admin=Admn, etc

           

          Hope this helps,

           

          Matt

          • 2. Re: Type Enforcement alarms
            sliedl

            There is a better explanation of Type Enforcement in the 7.0.1.03 Admin Guide if you're curious about it.

             

            There is also a great PDF here at the old site:  www.securecomputing.com/pdf/secureos.pdf

            • 3. Re: Type Enforcement alarms
              vetterous

              Awesome info! Thank you guys!