Auditing SELinux with aureport and setroubleshoot
Disabling
SELinux is something that happens quite regularly. It is a common occurrence when hosted control panels are used, or when one or more specific applications seem to be experiencing such difficulties that they will not run with SELinux enabled. In these instances, the act of disabling SELinux is a tried-and-tested technique that can save the system's administrator an immense amount of time. For many, this is an automatic response, while others will argue that the tools associated with SELinux are probably more at home on the desktop, workstation, on servers with a GUI, or in a controlled network environment. However, the fact is simple, the act of disabling SELinux will remove a key component of security and leave the system exposed. I agree, SELinux is a complex system, and for those of us who wish to enjoy the protection it offers, our lives can be made simpler through the option of running aureport like this:
# aureport --avc...
