Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
SELinux System Administration

You're reading from   SELinux System Administration Effectively secure your Linux systems with SELinux

Arrow left icon
Product type Paperback
Published in Dec 2016
Publisher Packt
ISBN-13 9781787126954
Length 300 pages
Edition 2nd Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Sven Vermeulen Sven Vermeulen
Author Profile Icon Sven Vermeulen
Sven Vermeulen
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Fundamental SELinux Concepts 2. Understanding SELinux Decisions and Logging FREE CHAPTER 3. Managing User Logins 4. Process Domains and File-Level Access Controls 5. Controlling Network Communications 6. sVirt and Docker Support 7. D-Bus and systemd 8. Working with SELinux Policies 9. Analyzing Policy Behavior 10. SELinux Use Cases

SELinux logging and auditing

SELinux developers are well aware that a security-oriented subsystem such as SELinux can only succeed if it is capable of enhanced logging and even debugging. Every action that SELinux takes, as part of the LSM hooks that it implements, should be auditable. Denials (actions that SELinux prevents) should always be logged so that administrators can take due action. SELinux tuning and changes, such as loading new policies or altering SELinux booleans, should always result in an audit message being displayed.

Following audit events

By default, SELinux will send its messages to the Linux audit subsystem (assuming the Linux kernel is configured with the audit subsystem enabled through the CONFIG_AUDIT kernel configuration). There, the messages are picked up by the Linux audit daemon (auditd) and logged in the /var/log/audit/audit.log file. Additional handling rules can be defined through the audit dispatcher process (audisp), which picks up audit events and dispatches...

You have been reading a chapter from
SELinux System Administration - Second Edition
Published in: Dec 2016
Publisher: Packt
ISBN-13: 9781787126954
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image