Two issues: first, I've noticed a number of times that selinux is there, which we usually have in permissive, but setroubleshoot is *not* installed. Is there some kind of dependency or group that it should be part of that's missing? I don't see why I need to manually install it....
Second - and I thought I knew the answer to this, but guess I don't - I see AVCs in the log file, but no sealerts - how do I start it up to give me them in messages? I see auditd is running....
mark
> , but setroubleshoot is *not*
> installed. Is there some kind of dependency or group that it should be part of that's missing? I don't see why I need to manually install it....
On EL5 (don't have an EL6 box to hand to check) it is the setroubleshoot-server package you need.
Use yum provides "*/setroubleshootd" to verify.
> Second - and I thought I knew the answer to this, but guess I don't - I see AVCs in the log file, but no sealerts - how do I start it up to give me them in messages? I see auditd is running....
Well, auditd writes to /var/log/audit/audit.log ... The sealerts in /var/log/messages you are thinking of get generated/etc by setroubleshootd.
> part of that's missing? I don't see why I need to manually install
> it....
Ah I missed the bit about the lack of dependencies... It is a daemon that checks one file and writes essentially the same thing into another... Even the output from sealert you can pretty much get from audit2why...
Since it does take resources and it only prettifies existing information... That's probably why it is not a @base package.
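Added example, not code from the thread: since the replies point out that auditd already writes the raw AVC records to /var/log/audit/audit.log and setroubleshootd/sealert only prettify them (much as audit2why does), this POSIX sh + awk snippet pulls the same who/what/how out of AVC records on a box where setroubleshoot-server is not installed. The audit.log lines are constructed sample data, and setroubleshootd is only probed, not assumed present.

```shell
#!/bin/sh
# Summarise SELinux AVC denials straight from auditd's audit.log format,
# the information that sealert would otherwise reformat into /var/log/messages.

# Constructed sample of audit.log records (not real log data): two AVC
# denials for httpd plus one unrelated SYSCALL record that must be ignored.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1364481363.243:24287): avc:  denied  { read } for  pid=3020 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1364481370.001:24290): avc:  denied  { name_bind } for  pid=3055 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'

# Read audit.log records on stdin; print one line per AVC denial:
#   <source type> (<comm>) denied <perms> on <target type>:<tclass>
summarize_avc() {
    awk '/^type=AVC / && / denied / {
        # permissions sit between "denied {" and "}"
        perms = $0
        sub(/.*denied +[{] */, "", perms)
        sub(/ *[}].*/, "", perms)
        comm = ""; st = ""; tt = ""; tc = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }   # user:role:TYPE:level
            if ($i ~ /^tcontext=/) { split($i, b, ":"); tt = b[3] }
            if ($i ~ /^tclass=/)   { tc = $i; sub(/^tclass=/, "", tc) }
        }
        printf "%s (%s) denied %s on %s:%s\n", st, comm, perms, tt, tc
    }'
}

# Number of AVC denials in the records given on stdin.
count_avc() {
    summarize_avc | wc -l | tr -d ' '
}

# True only if the daemon that writes sealerts to /var/log/messages is installed
# (on EL5 that comes from the setroubleshoot-server package, per the thread).
has_setroubleshootd() {
    command -v setroubleshootd >/dev/null 2>&1
}

# Stand-alone run against the constructed sample; on a real box use:
#   summarize_avc < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT_LOG" | summarize_avc
```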