audit log for "setenforce" changes?

Chuck Anderson cra at WPI.EDU
Mon Jan 14 20:10:43 UTC 2008

On Mon, Jan 14, 2008 at 02:36:45PM -0500, Daniel J Walsh wrote:
> Do you have user accounts setup in /var/log? /lib/libexec?
> If you have system accounts with homedirs and real shells, you can
> confuse SELinux.  Any system account should have a UID < 500 or a shell
> of /bin/false or /sbin/nologin.

I fixed all accounts to meet these expectations.

There were these which I changed to use shells of /sbin/nologin:

oracle:x:1003:1003:Oracle User:/opt/oracle:/bin/sh
dhcpd:x:2001:2001:DHCP Daemon:/etc/dhcpd:/bin/bash

> You also look like you have root account setup to login as system_u.
> You probably want to execute
> semanage login -m -s unconfined_u root


Thanks for all the help.  It sounds like I should go through all my 
systems to be sure they meet current SELinux standards.

More information about the selinux mailing list