Author: csellers
Update of /cvs/docs/selinux-faq/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15666

Modified Files:
	selinux-faq.xml
Log Message:
updated log file location for FC5 release, added targeted domains FAQ
Index: selinux-faq.xml =================================================================== RCS file: /cvs/docs/selinux-faq/en_US/selinux-faq.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- selinux-faq.xml 22 Mar 2006 03:04:53 -0000 1.2 +++ selinux-faq.xml 24 Mar 2006 17:56:33 -0000 1.3 
@@ -333,55 +333,103 @@ </para> </answer> </qandaentry> -<!-- Need to update this for FC5 <qandaentry> <question> <para> - What daemons are protected by the targeted policy? + What programs are protected by the targeted policy? </para> </question> <answer> <para> - Currently, the list of daemons is: + Currently, the list of programs is approximately: </para> - <itemizedlist> - <listitem> - <para><command>dhcpd</command></para> - </listitem> - <listitem> - <para><command>httpd</command> - (<filename>apache.te</filename>)</para> - </listitem> - <listitem> - <para><command>named</command></para> - </listitem> - <listitem> - <para><command>nscd</command></para> - </listitem> - <listitem> - <para><command>ntpd</command></para> - </listitem> - <listitem> - <para><command>portmap</command></para> - </listitem> - <listitem> - <para><command>snmpd</command></para> - </listitem> - <listitem> - <para><command>squid</command></para> - </listitem> - <listitem> - <para><command>syslogd</command></para> - </listitem> - </itemizedlist> <para> - The policy files for these daemons are found in - <filename>/etc/selinux/targeted/src/policy/domains/program</filename>. - In the future, more daemons will be added to the targeted policy - protection. 
- </para> + <filename>accton</filename>, + <filename>amanda</filename>, + <filename>httpd</filename> (apache), + <filename>arpwatch</filename>, + <filename>pam</filename>, + <filename>automount</filename>, + <filename>avahi</filename>, + <filename>named</filename>, + <filename>bluez</filename>, + <filename>lilo</filename>, + <filename>grub</filename>, + <filename>canna</filename>, + <filename>comsat</filename>, + <filename>cpucontrol</filename>, + <filename>cpuspeed</filename>, + <filename>cups</filename>, + <filename>cvs</filename>, + <filename>cyrus</filename>, + <filename>dbskkd</filename>, + <filename>dbus</filename>, + <filename>dhcpd</filename>, + <filename>dictd</filename>, + <filename>dmidecode</filename>, + <filename>dovecot</filename>, + <filename>fetchmail</filename>, + <filename>fingerd</filename>, + <filename>ftpd</filename> (vsftpd, proftpd, and muddleftpd), + <filename>gpm</filename>, + <filename>hald</filename>, + <filename>hotplug</filename>, + <filename>howl</filename>, + <filename>innd</filename>, + <filename>kerberos</filename>, + <filename>ktalkd</filename>, + <filename>openldap</filename>, + <filename>auditd</filename>, + <filename>syslog</filename>, + <filename>logwatch</filename>, + <filename>lpd</filename>, + <filename>lvm</filename>, + <filename>mailman</filename>, + <filename>module-init-tools</filename>, + <filename>mount</filename>, + <filename>mysql</filename>, + <filename>NetworkManager</filename>, + <filename>NIS</filename>, + <filename>nscd</filename>, + <filename>ntp</filename>, + <filename>pegasus</filename>, + <filename>portmap</filename>, + <filename>postfix</filename>, + <filename>postgresql</filename>, + <filename>pppd</filename>, + <filename>pptp</filename>, + <filename>privoxy</filename>, + <filename>procmail</filename>, + <filename>radiusd</filename>, + <filename>radvd</filename>, + <filename>rlogin</filename>, + <filename>nfs</filename>, + <filename>rsync</filename>, + <filename>samba</filename>, + 
<filename>saslauthd</filename>, + <filename>snmpd</filename>, + <filename>spamd</filename>, + <filename>squid</filename>, + <filename>stunnel</filename>, + <filename>dhcpc</filename>, + <filename>ifconfig</filename>, + <filename>sysstat</filename>, + <filename>tcp wrappers</filename>, + <filename>telnetd</filename>, + <filename>tftpd</filename>, + <filename>updfstab</filename>, + <filename>user management</filename> (passwd, useradd, etc.), + <filename>crack</filename>, + <filename>uucpd</filename>, + <filename>vpnc</filename>, + <filename>webalizer</filename>, + <filename>xend</filename>, + <filename>xfs</filename>, + <filename>zebra</filename> + </para> </answer> </qandaentry> +<!-- <qandaentry> <question> <para> @@ -1099,7 +1147,7 @@ additional customizations. </para> <screen> -<computeroutput>audit2allow -M local -l -i /var/log/audit/audit.log +<computeroutput>audit2allow -M local -l -i /var/log/messages Generating type enforcment file: local.te Compiling policy checkmodule -M -m -o local.mod local.te @@ -1113,6 +1161,10 @@ semodule -i local.pp</computeroutput> </screen> <para> + Note that the above assumes you are not using the audit daemon. + If you were using the audit daemon, then you should use + <filename>/var/log/audit/audit.log</filename> instead of + <filename>/var/log/messages</filename> as your log file. This will generate a <filename>local.te</filename> file, that looks something like the following: </para> @@ -1475,7 +1527,9 @@ <para> I get a specific permission denial only when &SEL; is in enforcing mode, but I don't see any audit messages in - <filename>/var/log/audit/audit.log</filename>. How can I identify the + <filename>/var/log/messages</filename> (or + <filename>/var/log/audit/audit.log</filename> if using the audit + daemon). How can I identify the cause of these silent denials? </para> </question> 
@@ -2243,6 +2297,27 @@ </itemizedlist> </answer> </qandaentry> + <qandaentry> + <question> + <para> + Where are &SEL; AVC messages (denial logs, etc.) stored? + </para> + </question> + <answer> + <para> + In &FC; 2 and 3, SELinux AVC messages could be found in + <filename>/var/log/messages</filename>. + In &FC; 4, the audit daemon was added, and these messages + moved to + <filename>/var/log/audit/audit.log</filename>. + In &FC; 5, the audit daemon is not installed by default, and + consequently these messages can be found in + <filename>/var/log/messages</filename> unless you choose to + install the audit daemon, in which case AVC messages will be in + <filename>/var/log/audit/audit.log</filename>. + </para> + </answer> + </qandaentry> </qandadiv> <qandadiv id="faq-div-deploying-selinux"> <title>Deploying &SEL;</title>
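
Review bot: the bare "+<!--" at the end of the @@ -333,55 +333,103 @@ hunk comments out the following <qandaentry> without saying why. The opener removed at the top of the hunk carried "Need to update this for FC5" and the new one carries nothing, so add a short reason after the new opener to tell the next editor what is still pending. In the same hunk the new list marks every entry as <filename>, including entries that are not files or single programs ("tcp wrappers", "user management", "NIS", "kerberos"); the removed list used <command>, and keeping that for the daemons with plain text for the categories would be more accurate. The entries are also in no visible order (httpd sits between amanda and arpwatch, named between avahi and bluez), so sorting them alphabetically would make the list easier to scan.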
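
Review bot: in the @@ -1113,6 +1161,10 @@ hunk the audit-daemon note is inserted at the start of the paragraph that continues with "This will generate a local.te file", so "This" now appears to refer to the choice of log file rather than to the audit2allow command in the <screen> above. Put the note in its own <para>, or move it after the sentence about local.te, so that the original sentence still opens its paragraph. The wording "If you were using the audit daemon, then you should use" would also read better in the present tense, for example "If you are using the audit daemon, use".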
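
Review bot: the new <qandaentry> in the @@ -2243,6 +2297,27 @@ hunk has no id, so the three other places this patch touches (the audit2allow example, the note after it, and the silent-denials question) each restate the /var/log/messages versus /var/log/audit/audit.log rule instead of pointing here. Giving the entry an id and linking to it from those places would keep the rule in one spot the next time the default changes. The answer also writes "SELinux AVC messages" literally where the question in the same entry uses the &SEL; entity.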