/sbin/lidsconf -A -o /usr/lib/heartbeat/heartbeat -j READONLY
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o CAP_NET_BIND_SERVICE -i -1 -j GRANT
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o CAP_SYS_RAWIO -i -1 -j GRANT
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o CAP_NET_BROADCAST -i -1 -j GRANT
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o CAP_NET_ADMIN -i -1 -j GRANT
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o CAP_NET_RAW -i -1 -j GRANT
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o CAP_SYS_ADMIN -i -1 -j GRANT
# For sending Gratuitous Arps
/sbin/lidsconf -A -o /usr/lib/heartbeat/send_arp -j READONLY
/sbin/lidsconf -A -s /usr/lib/heartbeat/send_arp \
-o CAP_NET_RAW -i -1 -j GRANT
# For modifying the routing table when the IP address changes
/sbin/lidsconf -A -o /sbin/route -j READONLY
/sbin/lidsconf -A -s /sbin/route -o CAP_NET_ADMIN -i 0 -j GRANT
#
# Protect the heartbeat configuration and authentication key.
#
/sbin/lidsconf -A -o /etc/ha.d/ha.cf -j READONLY
/sbin/lidsconf -A -o /etc/ha.d/haresources -j READONLY
/sbin/lidsconf -A -o /etc/ha.d/authkeys -j DENY
#
# Only heartbeat can see the authkey
#
/sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \
-o /etc/ha.d/authkeys -j READONLY |