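# SELinux troubleshooting cheat sheet for a yum-based system.
# These are independent reference commands to run as root one at a time,
# not a script to execute from top to bottom.

# Install the SELinux troubleshooting tools
yum install setroubleshoot-doc.x86_64 setroubleshoot-plugins.noarch setroubleshoot.x86_64 setroubleshoot-server.x86_64

# This clears the whole audit.log - use with caution.
# The audit log is the record used for incident review; truncating it
# destroys that evidence. Copy the file elsewhere first, or rotate it
# with `service auditd rotate` instead of emptying it.
#echo ""> /var/log/audit/audit.log

# Run sealert -a to see the problems and the recommended fixes
sealert -a /var/log/audit/audit.log

# Show which rules would be generated, filtered by the blocked application
grep httpd /var/log/audit/audit.log | audit2allow

# Create an exception module (writes apache.te and apache.pp to the current
# directory). Read apache.te before installing it: audit2allow turns every
# matched denial into an allow rule, including denials that were correctly
# blocking behaviour the service should never have. Prefer a label fix or
# boolean suggested by sealert when one fits the problem.
grep httpd /var/log/audit/audit.log | audit2allow -M apache

# Install the custom module to permit the exception
# (the file name must match the -M name used above)
semodule -i apache.pp

# Remove the module if it is not needed any more
# (semodule -r takes the module name, not the .pp file)
semodule -r apache

# SELinux labeling of files and directories: record the default context
semanage fcontext -a -t httpd_sys_content_t '/var/www(/.*)?'

# Apply the new file-context policy to the files
restorecon -R -v /var/www

# Copy the SELinux label from a reference file
# NOTE: chcon changes are not recorded in the file-context policy, so a later
# restorecon or full relabel resets the file to its policy default. Use
# semanage fcontext for a label that has to persist.
chcon --reference=/usr/bin/test /usr/bin/test1

# Reset the file to the context defined by policy
# (this undoes the chcon above unless a matching fcontext rule exists)
restorecon -v /usr/bin/test1

# Human readable events
ausearch -i -if /var/log/audit/audit.log | less

# Human readable events in real time
tail -f /var/log/audit/audit.log | ausearch -i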