
Re: Writing a program to monitor the SELinux log




On 10/11/2011 11:07 PM, Jason Axelson wrote:
> Hi,
> 
> I am writing a program that will monitor the SELinux log for AVC
> violations and deal with them appropriately. Currently I am looking
> at approaches to monitor the SELinux log.
> 
> One approach is to do raw monitoring of /var/log/audit/audit.log
> with something like: tail -f /var/log/audit/audit.log | ausearch -m
> avc
> 
> A second approach may be to implement an SETroubleShoot plugin: 
> https://fedorahosted.org/setroubleshoot/wiki/SETroubleShoot%20Overview
> 
> I'm kind of leaning towards an SETroubleShoot plugin since it
> seems like less new development and the infrastructure seems to be
> already there.
> 
> Is this a valid approach? Is there a better way?
> 
> Thanks, Jason
> 
> -- This message was distributed to subscribers of the selinux
> mailing list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux"
> without quotes as the message.
> 
> 
I would say either just write a setroubleshoot plugin or copy the
code in sedispatch from setroubleshoot to build your own audit
dispatcher that watches for SELinux messages.

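Whichever route is taken, both the tail -f pipeline and an audit dispatcher hand the program one audit record per line, so the first thing it needs is an AVC record parser. The following is an added example, not code from this thread or from setroubleshoot/sedispatch, and the sample records are constructed for it:

```python
# Added example: parse SELinux AVC records the way an audit dispatcher would.
# Not code from the thread, setroubleshoot or sedispatch.  An audispd plugin
# receives records on stdin; a "tail -f audit.log" pipe feeds the same function.
import re

# Constructed sample records (not from a real host); the layout follows the
# kernel's AVC format: avc:  denied  { perms } for  pid=... comm=... scontext=...
SAMPLE_LOG = """\
type=AVC msg=audit(1318395252.123:4567): avc:  denied  { read write } for  pid=1234 comm="httpd" name="index.html" dev=sda1 ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1318395252.123:4567): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1318395260.456:4570): avc:  granted  { setenforce } for  pid=2000 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<time>[\d.]+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is another type."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {
        "time": float(m.group("time")),
        "serial": int(m.group("serial")),  # ties the AVC to its SYSCALL record
        "result": m.group("result"),
        "perms": m.group("perms").split(),
    }
    for key, val in KV_RE.findall(m.group("rest")):
        rec[key] = val.strip('"')
    # contexts are user:role:type[:range]; the type is what a policy fix keys on
    for ctx in ("scontext", "tcontext"):
        if ctx in rec:
            rec[ctx + "_type"] = rec[ctx].split(":")[2]
    return rec

def denials(lines):
    """Yield parsed AVC records whose result is 'denied', skipping other types."""
    for line in lines:
        rec = parse_avc(line)
        if rec is not None and rec["result"] == "denied":
            yield rec

if __name__ == "__main__":
    for d in denials(SAMPLE_LOG.splitlines()):
        print(d["comm"], d["scontext_type"], "->", d["tcontext_type"], d["tclass"], d["perms"])
```

Replace `SAMPLE_LOG.splitlines()` with `sys.stdin` to run it as the stdin-fed plugin the reply describes.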

