selinux-vault-otp

vault-otp.te

module vault-otp 1.0;

require {
    type var_log_t;
    type sshd_t;
    type http_port_t;
    class file open;
    class file create;
    class tcp_socket name_connect;
}

allow sshd_t var_log_t:file open;
allow sshd_t var_log_t:file create;
allow sshd_t http_port_t:tcp_socket name_connect;

# references:
# https://github.com/hashicorp/vault-ssh-helper/issues/31#issuecomment-335565489
# http://www.admin-magazine.com/Articles/Credential-management-with-HashiCorp-Vault/(offset)/3

Compile and install as follows:

yum -y install selinux-policy-devel
make -f /usr/share/selinux/devel/Makefile vault-otp.pp
semodule -i vault-otp.pp