I am reviewing the analysis of alerts with sealert. I see that when running sealert we can see the source context of the process (in my case, httpd) and that of the destination directory (in this case, /custom).
How can I see the context that I have to apply? According to the document that I am following, the context should be httpd_sys_content_t, but I can't find a way to know that based on the message from sealert.
I haven't gotten there yet, so I've not been playing with SELinux or sealert in RHEL 8.
Is this the entirety of the output? I see that it begins with "Additional Information"
sealert in RHEL 7 would give recommended fixes with confidence ratings, which, in this case, would show the proper type context to use. This information was above the "Additional Information:" section...
RHEL 7 sealert output example (which doesn't show a type context issue - I'm using it simply to show what the format was):
Anyway, you need to set the SELinux type context on the /custom directory to httpd_sys_content_t, recursively, so that index.html also gets the proper context.
I teach it as (to keep it simple):
1) create the rule:
semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'
2) apply the rule:
restorecon -RFv /custom
Yes, I know I'm not creating anything -- and it isn't a "rule" -- I'm adding an existing type context to an existing directory. I'm just trying to create easy-to-remember routines - a mnemonic device.
SELinux is a very powerful tool and it's very good to understand the audit.log file. There is a document from Red Hat that explains each parameter from this file very well, and how to read and understand it better.
In my opinion, once you understand this file better, SELinux operations become easier to perform.
Follow the link:
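Added example, not posted by anyone in this thread and not Red Hat's code: a small Python sketch that reads the source and target types out of an AVC denial record in audit.log and checks the target against the `/custom(/.*)?` rule from the answer above. The AVC line is constructed, the function names are hypothetical, and the rule matching is a simplification of what restorecon does.

```python
import re

# Constructed sample AVC denial (not from the thread); all names are illustrative.
SAMPLE_AVC = (
    'type=AVC msg=audit(1600000000.123:456): avc:  denied  { read } for  '
    'pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=67890 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0'
)

# The file-context rule from the answer: (path regex, type). SELinux anchors
# these regexes at both ends, which re.fullmatch reproduces.
RULES = [(r'/custom(/.*)?', 'httpd_sys_content_t')]


def parse_avc(line):
    """Return the security-relevant fields of one AVC denial record."""
    perms = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if perms is None:
        raise ValueError('not an AVC denial record')
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    fields = {k: v.strip('"') for k, v in fields.items()}
    return {
        'perms': perms.group(1).split(),
        'comm': fields.get('comm'),
        'source_type': fields['scontext'].split(':')[2],  # user:role:type:level
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields.get('tclass'),
    }


def expected_type(path, rules=RULES):
    """Type the rules assign to path, or None (simplified: last match wins)."""
    found = None
    for pattern, setype in rules:
        if re.fullmatch(pattern, path):
            found = setype
    return found


def mislabeled(avc, path):
    """True when the denied object's type differs from what the rules assign."""
    want = expected_type(path)
    return want is not None and avc['target_type'] != want


if __name__ == '__main__':
    avc = parse_avc(SAMPLE_AVC)
    print(avc, 'relabel needed:', mislabeled(avc, '/custom/index.html'))
```

The record itself only carries the contexts involved in the denial (`scontext`, `tcontext`); the type the file should have comes from the file-context rules, which is why the path is checked against the rule separately.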