9 Jul 2012, 5:46 a.m.
On RHEL5/6, if you have the setroubleshoot package installed, all problems detected by SELinux are written in /var/log/messages with the "setroubleshoot" identifier. Then it is easy to fire alerts with simple regexps in analysis.cfg.
Dominique
On 07/ 9/12 06:45 AM, Colin Coe wrote:
Hi all
Anyone out there using Xymon to monitor for SELinux AVC denials? If so, how are you doing this?
Thanks
CC
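
Added example, not part of the thread and not Xymon project code: a quick way to check a candidate regexp against log lines before putting it in analysis.cfg. The sample lines are constructed, and the pattern assumes the setroubleshoot message begins with "SELinux is preventing"; the function names are hypothetical.

```python
import re

# Candidate pattern for an analysis.cfg LOG rule. Xymon matches with PCRE; this
# pattern only uses syntax that Python's re handles the same way. Assumption:
# syslog tag "setroubleshoot" and message prefix "SELinux is preventing".
# "." stands in for each space so the pattern stays a single config token.
PATTERN = r"setroubleshoot(\[\d+\])?:.SELinux.is.preventing"

# Pulls host and the blocked action out of a matching line for a short summary.
DETAIL = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
    r"setroubleshoot(?:\[\d+\])?:\sSELinux is preventing\s(?P<what>.*?)"
    r"(?:\.\s+For complete SELinux messages|$)"
)

# Constructed /var/log/messages lines (not captured from a real host).
SAMPLE_LOG = """\
Jul  9 05:40:01 web01 setroubleshoot: SELinux is preventing /usr/sbin/httpd from name_connect access on the tcp_socket. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000000
Jul  9 05:40:02 web01 kernel: type=1400 audit(1341812402.123:45): avc:  denied  { read } for  pid=2211 comm="httpd"
Jul  9 05:41:10 web01 sshd[3120]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jul  9 05:42:30 db01 setroubleshoot[1877]: SELinux is preventing /usr/libexec/mysqld from write access on the directory /srv/data.
""".splitlines()

def hits(lines, pattern=PATTERN):
    """Return the lines the alert pattern would fire on."""
    rx = re.compile(pattern)
    return [ln for ln in lines if rx.search(ln)]

def summarize(line):
    """Return (host, blocked action) for a setroubleshoot line, else None."""
    m = DETAIL.match(line)
    return (m["host"], m["what"].rstrip(".")) if m else None

def analysis_rule(logfile="/var/log/messages", pattern=PATTERN, color="yellow"):
    # analysis.cfg LOG rule form: LOG <file> <pattern> [COLOR=<color>];
    # a leading "%" marks the pattern as a regular expression.
    return f"LOG {logfile} %{pattern} COLOR={color}"

if __name__ == "__main__":
    for line in hits(SAMPLE_LOG):
        print(summarize(line))
    print(analysis_rule())
```

The raw kernel AVC line is deliberately not matched: the pattern keys on the setroubleshoot tag, so it only covers hosts where that package is installed and the Xymon client is collecting /var/log/messages.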