[CentOS] selinux...

Wed Oct 7 18:41:45 UTC 2009
m.roth at 5-cent.us <m.roth at 5-cent.us>

> m.roth at 5-cent.us wrote:
>
>> You begin to see my frustration, esp. when I have to skim through logs
>> that have a dozen, or two dozen, of these (and others) every hour, to
>> find other more important messages.
>
> How about log filtering? Since you're in such a high security
> environment to need SELinux I can't imagine you don't have
> some sort of log management tool such as Splunk or something

I've never used it, though I know of it. I'd have to convince my manager,
and I dunno if he'd have to convince his boss or not.... And I don't know
how the security group feels about that. (And before you say more, I'll
tell you that I work for a contractor for the feds.)

Hell, I'd love to be able to pipe the freakin' logs through grep <g>

> similar. I'm still in the midst of a Splunk deployment and
> have it stripping a bunch of useless stuff out of the logs,

At some point, I want to *solve* the problem, and make it Go Away forever.
<snip>
> I used to manage a pair of Siteminder systems several years
> ago, your email got me curious and I poked around to see if
> they were still alive, and yes they are and still running
> the good ol' Apache 1.3.27 probably on RHEL 2.1 still!
> Funny they haven't upgraded it, it's not like they process
> credit cards or anything, oh wait... they do. oh well! Not
> my problem:)

Um, yeah, well, probably fairly soon, the card companies will come down on
them like a ton of bricks. The first four months of this year, I was on a
contract for a major provider of managed security services, including pen
testing, for the card industry (as well as being a root CA), and I'll tell
you that a *lot* of small merchants are going to wind up paying large
companies to do their card processing, within a year or two, and that
stuff that old will fail the pen testers, and they'll be scrambling to
upgrade (so you might have more work from them, if you're interested...)

        mark
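Along the lines of the log-filtering suggestion quoted above (and the wish to just pipe the logs through grep), here is an added example that is not from the thread or from any of the tools it mentions: a Python 3 script that pulls SELinux AVC denial records out of syslog-style lines, collapses repeats into one count per command / source type / target type / object class / permission, and passes every non-AVC line through untouched, so what is left to read is the "other more important messages". The sample log lines are constructed for this example; the field layout follows the standard AVC record format, and the helper names (parse_avc, split_log, report) are mine.

```python
import re
from collections import Counter

# Constructed sample lines in the shape /var/log/messages takes on a CentOS
# host with SELinux enforcing; hostnames, pids, inodes and addresses are invented.
SAMPLE_LOG = """\
Oct  7 18:01:02 web1 kernel: type=1400 audit(1254938462.101:1201): avc:  denied  { read } for  pid=2031 comm="httpd" name="index.html" dev=sda3 ino=81923 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Oct  7 18:01:09 web1 sshd[2210]: Accepted publickey for mark from 10.0.0.5 port 51022 ssh2
Oct  7 18:02:15 web1 kernel: type=1400 audit(1254938535.220:1202): avc:  denied  { read } for  pid=2031 comm="httpd" name="index.html" dev=sda3 ino=81923 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Oct  7 18:03:44 web1 kernel: type=1400 audit(1254938624.005:1203): avc:  denied  { name_connect } for  pid=2031 comm="httpd" dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
Oct  7 18:05:30 web1 sshd[2290]: Failed password for root from 192.0.2.44 port 40011 ssh2
Oct  7 18:06:01 web1 kernel: type=1400 audit(1254938761.330:1204): avc:  denied  { write } for  pid=2031 comm="httpd" name="uploads" dev=sda3 ino=81940 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=dir
"""

# "avc:  denied  { read write } for  pid=... comm="httpd" ... tclass=file"
AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+'
    r'(?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted or a run of non-space characters
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def type_of(ctx):
    """Third field of a user:role:type:level context, or the raw string if malformed."""
    parts = ctx.split(':')
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(line):
    """Return a dict describing an AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'result': m.group('result'),
        'perms': tuple(m.group('perms').split()),
        'comm': fields.get('comm', '?'),
        'stype': type_of(fields.get('scontext', '?')),
        'ttype': type_of(fields.get('tcontext', '?')),
        'tclass': fields.get('tclass', '?'),
        # files carry name=, sockets carry dest=; keep whichever is present
        'target': fields.get('name', fields.get('dest', '-')),
    }


def split_log(text):
    """Summarise AVC records as counts; return every other line verbatim."""
    summary = Counter()
    others = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            others.append(line)
            continue
        key = (rec['comm'], rec['stype'], rec['ttype'], rec['tclass'],
               ' '.join(rec['perms']))
        summary[key] += 1
    return summary, others


def report(summary, others):
    """Human-readable report: one line per distinct denial, then the rest of the log."""
    lines = ['== SELinux denials (collapsed) ==']
    for (comm, stype, ttype, tclass, perms), n in summary.most_common():
        lines.append('%5d  %s (%s) -> %s %s { %s }' % (n, comm, stype, ttype, tclass, perms))
    lines.append('')
    lines.append('== everything else ==')
    lines.extend(others)
    return '\n'.join(lines)


if __name__ == '__main__':
    import sys
    # Read a real log from stdin when one is piped in, otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print(report(*split_log(text)))
```

Usage is `python3 avc_filter.py < /var/log/messages`; with nothing on stdin it runs over the embedded sample. The grouping key deliberately drops pid, inode and timestamp so that the same denial repeated a dozen times an hour shows up as one line with a count, while the source and target types and the permission, the information needed to decide whether the denial is a labelling mistake or a real policy violation, are kept.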