sealerts
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 7 15:46:31 UTC 2013
On 06/07/2013 11:28 AM, m.roth at 5-cent.us wrote:
> m.roth at 5-cent.us wrote:
>> Two issues: first, I've noticed a number of times that selinux is there,
>> which we usually have in permissive, but setroubleshoot is *not*
>> installed. Is there some kind of dependency or group that it should
>> be part of that's missing? I don't see why I need to manually install
>> it....
>>
>> Second - and I thought I knew the answer to this, but guess I don't - I
>> see AVC's in the log file, but no sealerts - how do I start it up to
>> give me them in messages? I see auditd is running....
>>
> Point of information: CentOS 6.4, up to date.
>
> Dan, you say that setroubleshoot should run; I did install
> setroubleshoot-server and setroubleshoot-plugins, and then restarted
> auditd, yet I've seen some avc's since then, I think (wish audit.log had
> timestamps).
>
> mark
>
Audit log does have time stamps, but you need to translate using ausearch:

    ausearch -m avc -i

Should translate everything.
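An added example, not part of the original message: raw audit.log records carry their time as `msg=audit(<epoch seconds>.<millis>:<serial>)`, which is the value `ausearch -i` renders as a readable date. The Python sketch below decodes that stamp and lists only the AVCs logged after a chosen cutoff, such as the moment auditd was restarted. The sample records, the cutoff and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in raw audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1370615000.101:311): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=4021 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1370615000.101:311): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1370619991.250:412): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/mark/site" dev=dm-0 ino=4020 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
"""

# Record header: type, then msg=audit(<epoch seconds>.<millis>:<serial>).
STAMP = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="value"
PERMS = re.compile(r"\{ ([^}]*) \}")          # the denied permission set

def parse_avcs(text):
    """Return one dict per AVC record, with the epoch stamp decoded to UTC."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m or m.group(1) != "AVC":
            continue  # skip SYSCALL and other record types
        when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
        when = when.replace(microsecond=int(m.group(3)) * 1000)
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        perms = PERMS.search(line)
        out.append({"time": when, "serial": int(m.group(4)),
                    "perms": perms.group(1).split() if perms else [],
                    "comm": fields.get("comm"), "tclass": fields.get("tclass"),
                    "scontext": fields.get("scontext"),
                    "tcontext": fields.get("tcontext")})
    return out

def avcs_since(text, cutoff):
    """AVC records stamped at or after cutoff (e.g. when auditd was restarted)."""
    return [r for r in parse_avcs(text) if r["time"] >= cutoff]

if __name__ == "__main__":
    restart = datetime(2013, 6, 7, 15, 0, tzinfo=timezone.utc)  # assumed cutoff
    for r in avcs_since(SAMPLE_LOG, restart):
        print(r["time"].isoformat(), r["comm"], r["perms"], r["tcontext"])
```
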