SELinux AVC denials

list Dominique Frise
Mon, 09 Jul 2012 07:46:43 +0200
Message-Id: <user-9e00b8fce096@xymon.invalid>

On RHEL5/6, if you have the setroubleshoot package installed, all 
problems detected by SELinux are written in /var/log/messages with the 
"setroubleshoot" identifier.
Then it is easy to fire alerts with simple regexps in analysis.cfg.

Dominique

On 07/ 9/12 06:45 AM, Colin Coe wrote:

Hi all

Anyone out there using Xymon to monitor for SELinux AVC denials? If
so, how are you doing this?

Thanks

CC