On 06/07/2013 11:28 AM, m.roth(a)5-cent.us wrote:
> m.roth(a)5-cent.us wrote:
>> Two issues: first, I've noticed a number of times that selinux is there,
>> which we usually have in permissive, but setroubleshoot is *not*
>> installed. Is there some kind of dependency or group that it should
>> be part of that's missing? I don't see why I need to manually install
>> it....
>>
>> Second - and I thought I knew the answer to this, but guess I don't - I
>> see AVC's in the log file, but no sealerts - how do I start it up to
>> give me them in messages? I see auditd is running....
>>
> Point of information: CentOS 6.4, up to date.
>
> Dan, you say that setroubleshoot should run; I did install
> setroubleshoot-server and setroubleshoot-plugins, and then restarted
> auditd, yet I've seen some avc's since then, I think (wish audit.log had
> timestamps).
>
> mark
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

The audit log does have time stamps, but you need to translate them using ausearch:

    ausearch -m avc -i

Should translate everything.
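
Added example, not part of the original thread and not ausearch's own code: raw audit.log records carry their time stamp as epoch seconds inside `msg=audit(seconds.millis:serial)`, and this sketch decodes that field for AVC denials. The sample records and the name `parse_avcs` are constructed for illustration; times are rendered in UTC for repeatability, whereas `ausearch -i` prints local time.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the raw audit.log layout (not from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1370619000.123:401): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1370619000.123:401): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1370622600.000:417): avc:  denied  { getattr search } for  pid=2330 comm="smbd" path="/srv/share" dev=dm-0 ino=77 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
"""

# Every record starts: type=<TYPE> msg=audit(<epoch secs>.<millis>:<serial>):
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$")
DENIED = re.compile(r"avc:\s+denied\s+\{ ([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avcs(text):
    """Return one dict per AVC denial, with the epoch time stamp made readable."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m or m.group(1) != "AVC":
            continue  # skip SYSCALL, PATH and other record types
        _, secs, millis, serial, body = m.groups()
        d = DENIED.search(body)
        if not d:
            continue  # e.g. "granted" records
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
        out.append({
            "time": when.strftime("%Y-%m-%d %H:%M:%S") + "." + millis + " UTC",
            "serial": int(serial),  # records of one event share this serial
            "perms": d.group(1).split(),
            "comm": fields.get("comm"),
            "scontext": fields.get("scontext"),
            "tcontext": fields.get("tcontext"),
            "tclass": fields.get("tclass"),
        })
    return out


if __name__ == "__main__":
    for rec in parse_avcs(SAMPLE_LOG):
        print(rec["time"], rec["serial"], rec["comm"], rec["perms"],
              rec["scontext"], "->", rec["tcontext"], rec["tclass"])
```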