
SELinux Cookbook by Sven Vermeulen


Analyzing SELINUX_ERR messages

When the SELinux subsystem is asked to perform an invalid SELinux-specific operation, it will log this through the audit subsystem using the SELINUX_ERR message type.

Getting ready

Make sure that the audit subsystem is up and running as we will be using the ausearch application to (re)view audit events:

~# service auditd start

How to do it…

To analyze a SELINUX_ERR message, view its entry in the audit logs and interpret the individual fields by completing the following steps:

  1. Note the current date/time, or reload the SELinux policy, to have a clear point in the audit logs from where to look:
    ~# semodule -R
    
  2. Trigger the behavior in the application.
  3. Ask the audit subsystem to show the last events ...
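
Once the audit entries are on screen, their fields can also be split apart programmatically. The parser below is an added example, not code from the book: the sample records are constructed, and their layout is an assumption because the SELINUX_ERR message text differs between kernel versions.

```python
import re
from datetime import datetime, timezone

# Constructed sample audit records (not from the book). The SELINUX_ERR text
# layout varies between kernel versions, so treat these as an assumption.
SAMPLE = """\
type=SELINUX_ERR msg=audit(1406413928.227:1310): security_compute_sid:  invalid context system_u:system_r:example_t:s0 for scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:example_exec_t:s0 tclass=process
type=SELINUX_ERR msg=audit(1406413930.101:1311): op=security_bounded_transition result=denied oldcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 newcontext=staff_u:staff_r:example_t:s0
type=AVC msg=audit(1406413931.000:1312): avc:  denied  { read } for pid=1 comm="x" scontext=a:b:c_t:s0 tcontext=a:b:d_t:s0 tclass=file
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
PAIR = re.compile(r"(\w+)=(\S+)")

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        return None  # not a well-formed SELinux context
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_selinux_err(line):
    """Return a dict for one SELINUX_ERR record, or None for any other line."""
    m = HEADER.match(line.strip())
    if not m or m.group(1) != "SELINUX_ERR":
        return None
    body = m.group(4)
    fields = dict(PAIR.findall(body))
    first = PAIR.search(body)
    return {
        "time": datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc).isoformat(),
        "serial": int(m.group(3)),  # records sharing a serial form one event
        "text": body[:first.start()].strip() if first else body.strip(),
        "fields": fields,
        "contexts": {k: split_context(v) for k, v in fields.items()
                     if k.endswith("context")},
    }

def parse_log(text):
    """Parse many lines, skipping separators and non-SELINUX_ERR records."""
    return [r for r in map(parse_selinux_err, text.splitlines()) if r]

if __name__ == "__main__":
    for rec in parse_log(SAMPLE):
        print(rec["time"], rec["serial"], rec["text"] or rec["fields"].get("op"))
        for name, ctx in rec["contexts"].items():
            print(f"  {name}: {ctx}")
```

Comparing the type component of each parsed context shows at a glance which domain or transition the kernel rejected.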
