Selinux Errors - Redhat

This is a discussion on Selinux Errors - Redhat ; I recently setup a new web server with EL5. The previous server was Deb (sarge). I am fairly unfamiliar with selinux and I am receiving a bunch of avc denial errors. I currently have selinux set to permissive but would ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Selinux Errors

  1. Selinux Errors

    I recently setup a new web server with EL5. The previous server was
    Deb (sarge). I am fairly unfamiliar with selinux and I am receiving a
    bunch of avc denial errors. I currently have selinux set to permissive
    but would like to have the extra layer of security. The server is home
    to several sites and it has in the past under previous admins had
    viruses and other issues. I need help looking at the denial errors and
    deciding which I should write new rules for and which I should find
    and remove from the server.

    If this should be posted else ware let me know.

  2. Re: Selinux Errors

    On Wed, 09 Apr 2008 13:51:58 -0700, hillzy76 typed this message:

    > I recently setup a new web server with EL5. The previous server was Deb
    > (sarge). I am fairly unfamiliar with selinux and I am receiving a bunch
    > of avc denial errors. I currently have selinux set to permissive but
    > would like to have the extra layer of security. The server is home to
    > several sites and it has in the past under previous admins had viruses
    > and other issues. I need help looking at the denial errors and deciding
    > which I should write new rules for and which I should find and remove
    > from the server.
    >
    > If this should be posted else ware let me know.


    I'm no expert but try:

    man audit2why
    man audit2allow

    $ /usr/sbin/audit2why < /var/log/audit/audit.log

    $ cat /var/log/audit/audit.log | audit2allow >> ~/domains/misc/local.te


  3. Re: Selinux Errors

    On Wed, 09 Apr 2008 13:51:58 -0700, hillzy76 typed this message:

    > I recently setup a new web server with EL5. The previous server was Deb
    > (sarge). I am fairly unfamiliar with selinux and I am receiving a bunch
    > of avc denial errors. I currently have selinux set to permissive but
    > would like to have the extra layer of security. The server is home to
    > several sites and it has in the past under previous admins had viruses
    > and other issues. I need help looking at the denial errors and deciding
    > which I should write new rules for and which I should find and remove
    > from the server.
    >
    > If this should be posted else ware let me know.


    For the audit2allow, audit2why reply I forgot to add link

    http://www.redhat.com/magazine/006ap...tures/selinux/

    a Selinux guide. Since you're running a server good luck.

+ Reply to Thread