/sbin/lidsconf -A -o /usr/lib/heartbeat/heartbeat -j READONLY /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o CAP_NET_BIND_SERVICE -i -1 -j GRANT /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o CAP_SYS_RAWIO -i -1 -j GRANT /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o CAP_NET_BROADCAST -i -1 -j GRANT /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o CAP_NET_ADMIN -i -1 -j GRANT /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o CAP_NET_RAW -i -1 -j GRANT /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o CAP_SYS_ADMIN -i -1 -j GRANT # For sending Gratuitous Arps /sbin/lidsconf -A -o /usr/lib/heartbeat/send_arp -j READONLY /sbin/lidsconf -A -s /usr/lib/heartbeat/send_arp \ -o CAP_NET_RAW -i -1 -j GRANT # For modifying the routing table when the IP address changes /sbin/lidsconf -A -o /sbin/route -j READONLY /sbin/lidsconf -A -s /sbin/route -o CAP_NET_ADMIN -i 0 -j GRANT # # Protect the heartbeat configuration and authentication key. # /sbin/lidsconf -A -o /etc/ha.d/ha.cf -j READONLY /sbin/lidsconf -A -o /etc/ha.d/haresources -j READONLY /sbin/lidsconf -A -o /etc/ha.d/authkeys -j DENY # # Only heartbeat can see the authkey # /sbin/lidsconf -A -s /usr/lib/heartbeat/heartbeat \ -o /etc/ha.d/authkeys -j READONLY |