Xymon Mailing List Archive

SELinux AVC denials

2 messages in this thread

Colin Coe · Mon, 9 Jul 2012 12:45:55 +0800
Hi all

Anyone out there using Xymon to monitor for SELinux AVC denials? If
so, how are you doing this?

Thanks

CC

-- 
RHCE#805007969328369

Dominique Frise · Mon, 09 Jul 2012 07:46:43 +0200
On RHEL5/6, if you have the setroubleshoot package installed, all 
problems detected by SELinux are written in /var/log/messages with the 
"setroubleshoot" identifier.
Then it is easy to fire alerts with simple regexps in analysis.cfg.

Dominique

On 07/ 9/12 06:45 AM, Colin Coe wrote:
Hi all

Anyone out there using Xymon to monitor for SELinux AVC denials? If
so, how are you doing this?

Thanks

CC
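
The approach described in the reply above, written out as Xymon configuration. This is an added example, not part of the original thread: the host name, the 10240-byte read size, the colour, and the sample log line are assumptions, and the client must already be shipping /var/log/messages for the rule to see anything.

```conf
# --- client-local.cfg (on the Xymon server) ---
# Tell Linux clients to send the tail of /var/log/messages with each
# client report. 10240 is the maximum number of bytes sent per cycle
# (assumed value; raise it on chatty hosts so denials are not cut off).
[linux]
log:/var/log/messages:10240

# --- analysis.cfg (on the Xymon server) ---
# Constructed example of a line written by setroubleshoot:
#   Jul  9 07:40:01 rhel6-web01 setroubleshoot: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket.
#
# The leading '%' marks the pattern as a regular expression. Matching
# on the "setroubleshoot" identifier turns the host's "msgs" column
# yellow whenever a denial has been reported in the shipped log data.
# rhel6-web01.example.com is a hypothetical host name.
HOST=rhel6-web01.example.com
    LOG /var/log/messages %setroubleshoot COLOR=yellow
```

Raw AVC records go to /var/log/audit/audit.log when auditd is running, so this rule only fires on hosts where the setroubleshoot package is installed and its daemon is active.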