SELinux System Administration by Sven Vermeulen

SELinux logging and auditing

When SELinux is enabled, it will log (almost) every permission check that was denied. When Linux auditing is enabled, these denials are logged by the audit daemon. If not, then the regular system logger will get the denials and store them in the system logs.

Such denial messages are described with the type AVC (Access Vector Cache) as we can see from the following example:

type=AVC msg=audit(1369306885.125:4702304): avc:  denied  { append } for  pid=1787 comm=72733A6D61696E20513A526567 name="oracle_audit.log" dev=dm-18 ino=65 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file

The AVC is part of the SELinux security subsystem in the Linux kernel that is responsible for checking and enforcing ...
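The denial record above, parsed field by field, as an added example that is not from the book. It shows that the unquoted `comm` value is a hex-encoded process name and splits the source and target contexts into their parts. The function names are this example's own, and it assumes the audit convention that string values are either double-quoted or, when they contain spaces or other unsafe bytes, written as unquoted hex.

```python
import re
from datetime import datetime, timezone

# The denial record quoted above, embedded so the example runs offline.
SAMPLE = ('type=AVC msg=audit(1369306885.125:4702304): avc:  denied  { append } for  '
          'pid=1787 comm=72733A6D61696E20513A526567 name="oracle_audit.log" dev=dm-18 '
          'ino=65 scontext=system_u:system_r:syslogd_t:s0 '
          'tcontext=system_u:object_r:usr_t:s0 tclass=file')

HEADER = re.compile(r'type=AVC msg=audit\((\d+)\.\d+:(\d+)\): '
                    r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# String fields that audit hex-encodes when the value is not safe to quote.
MAYBE_HEX = {'comm', 'name', 'path', 'exe'}

def decode_value(key, raw):
    """Strip quotes from safe strings; decode unquoted hex in string fields."""
    if raw.startswith('"'):
        return raw[1:-1]
    if key in MAYBE_HEX and len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        return bytes.fromhex(raw).decode('utf-8', errors='replace')
    return raw

def parse_avc(line):
    """Return a dict describing one AVC record, or None for other lines."""
    m = HEADER.search(line)
    if m is None:
        return None
    secs, serial, result, perms, rest = m.groups()
    record = {
        'time': datetime.fromtimestamp(int(secs), tz=timezone.utc).isoformat(),
        'serial': int(serial),
        'result': result,
        'permissions': perms.split(),
    }
    for key, raw in FIELD.findall(rest):
        record[key] = decode_value(key, raw)
    # A context is user:role:type[:level]; the level is absent without MLS/MCS.
    for ctx in ('scontext', 'tcontext'):
        if ctx in record:
            parts = record[ctx].split(':', 3)
            record[ctx] = dict(zip(('user', 'role', 'type', 'level'), parts))
    return record

if __name__ == '__main__':
    for key, value in parse_avc(SAMPLE).items():
        print(f'{key}: {value}')
```

Read this way, the record says that a process in the `syslogd_t` domain, whose thread name decodes to `rs:main Q:Reg`, was denied `append` on a file labelled `usr_t`.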
