23 Jul
2013
23 Jul
'13
9:46 a.m.
On 23 Jul 2013 07:42, "Ken Smith" kens@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the messages I needed in /var/log/messages. I'm running bind chrooted and various other tweeks mean I need to set SELinux accordingly.
Bind chroot via the standard chroot package should just with with selinux...
Be careful that you don't just follow the audit.log blindly (eg audit2allow -aM) but think through each but carefully...
I'd suggest starting for each exception with "is this already covered by a boolean" and then double checking your file contexts before even considering an additional custom module.