On Tue, Mar 11, 2008 at 08:58:11PM -0400, Daniel J Walsh wrote:
Arthur Dent wrote:
> On Mon, Mar 10, 2008 at 09:27:04AM -0400, Daniel J Walsh wrote:
>> setroubleshoot can be setup on a headless box to send email. And there
>> is an interface (named pipe) to audit system where you can receive AVC
>> messages as they happen. Just look at the setroubleshoot code since it
>> is using this.
>
> Ooooo. That sounds interesting. I'm all for not re-inventing the wheel. Thing
> is, I looked at man sealert and I couldn't see how to do this. I am not much
> of a hacker, so looking at the code would probably not help me too much.
>
> Is there a configuration setting I can set somewhere?
>
> Thanks
>
> Mark
>
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
vi /etc/setroubleshoot/setroubleshoot.cfg
And search for email.
Hi,
Apologies for slow response. Thanks ever so much for this. Just what I
was looking for!
Just one small thing...
When I tried this, editing /etc/setroubleshoot/setroubleshoot.cfg
and creating a file /var/lib/setroubleshoot/email_alert_recipients it
didn't work. I looked at this wiki entry
http://fedoraproject.org/wiki/Docs/Drafts/SELinux/SETroubleShoot/UserFAQ#...
and it said essentially exactly the same thing. It also said that that I
could use the sealert GUI to set the mailing settings, so I SSH'd into
my serving using a forwarded X server and tried that. It worked!
The strange thing is that the wiki says that the GUI method simply
modifies the same file (which makes sense), but I used a different email
address and the old email address (which doesn't work) is still in that file with no
sign of
the new one (which works!).
Ho hum... I suppose I goofed somewhere along the line. I'll look into it
with a little more care when I get the chance. In the meantime, the
important thing is it works!
Thanks again, your help is greatly appreciated.
Mark