What kind of log entry is a SELinux log entry?
The entry informs the user what kind of log entry this is: in this case, an AVC log entry. It records what SELinux did, which can be either denied or granted. Note that if SELinux is in permissive mode (we’ll talk about this later), the access will still be logged as denied even though it was allowed. It also records the permission that was requested / executed.
Is there a way to log all access denials in SELinux?
If you want, we can have SELinux log all granted accesses (although I can imagine that becomes dull to look at, and might slow down the performance of the system), but more importantly it logs access denials.
Are there any tools to help with SELinux issues?
The friendly developers that work with SELinux on a daily basis have made a few tools that help you identify SELinux-related issues. The ausearch utility is not an SELinux-specific utility. It is a Linux audit-related utility that parses the audit logs and allows you to query the entries in the logs.
Is there a sealert command for SELinux Gentoo?
The sealert command is not provided on an SELinux-enabled Gentoo system by default, but it is available on Red Hat Enterprise Linux and related distributions. It integrates with a specific daemon called setroubleshootd, which gives a translation of an AVC denial similar to the human translation given earlier in this tutorial.
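As an added example (not code from the original page or from the SELinux project), the following Python sketch parses the AVC entry described in the first answer and produces a short human-readable translation of the kind mentioned for setroubleshootd. The log lines are constructed samples, the function names are hypothetical, and the `permissive=` field (written by newer kernels, not mentioned on the page) is used to tell a logged-only denial from one that was actually blocked.

```python
import re

# Constructed sample audit records for illustration (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=4101 comm="httpd" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000005.442:202): avc:  denied  { name_connect } for  pid=4101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000005.442:202): arch=c000003e syscall=42 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1700000009.007:203): avc:  granted  { getattr open } for  pid=977 comm="sshd" path="/etc/shadow" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<action>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other audit record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
    rec["action"] = m["action"]
    rec["perms"] = m["perms"].split()
    # "denied" alone does not prove the access was blocked: in permissive
    # mode the denial is logged but the access is still allowed.
    if rec["action"] == "granted":
        rec["outcome"] = "allowed"
    else:
        by_flag = {"0": "blocked", "1": "allowed (permissive)"}
        rec["outcome"] = by_flag.get(rec.get("permissive"), "unknown")
    return rec

def describe(rec):
    """One-line translation: who asked for which permission on what."""
    src = rec["scontext"].split(":")[2]   # type of the source (process) context
    tgt = rec["tcontext"].split(":")[2]   # type of the target (object) context
    return (f'{rec["comm"]} ({src}) {rec["action"]} {"/".join(rec["perms"])} '
            f'on {rec["tclass"]} labelled {tgt}: {rec["outcome"]}')

def parse_log(text):
    return [r for r in map(parse_avc, text.splitlines()) if r]

if __name__ == "__main__":
    for r in parse_log(SAMPLE_LOG):
        print(describe(r))
```

A record without a `permissive=` field is reported as `unknown`, because the entry alone cannot show whether the denial was enforced.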
How can I change the mode of SELinux?
As discussed in SELinux states and modes, SELinux can be enabled or disabled. When enabled, SELinux has two modes: enforcing and permissive. Use the getenforce or sestatus commands to check in which mode SELinux is running.
When was the first version of SELinux released?
SELinux was developed by the US National Security Agency (NSA), and since the beginning Red Hat has been heavily involved in its development. The first version of SELinux was offered in the era of Red Hat Enterprise Linux 4™, around the year 2006.