Selinux sealert

Hi,

I am reviewing the analysis of alerts with sealert. I see that in the sealert output we can see the source context of the process (in my case an httpd) and that of the destination directory (in this case /custom).

How can I see the context that I have to apply? As I see in the document that I am following, the context should be httpd_sys_content_t, but I can't find a way to know that based on the message from sealert.

 

2 Replies

Re: Selinux sealert

I haven't gotten there yet, so I've not been playing with SELinux or sealert in RHEL 8.

Is this the entirety of the output? I see that it begins with "Additional Information"

sealert in RHEL 7 would give recommended fixes with confidence ratings, which, in this case, would show the proper type context to use. This information was above the "Additional Information:" section...

RHEL 7 sealert output example (which doesn't show a type context issue - I'm using it simply to show what the format was):

ex2.JPG

...output omitted...

------------------------------------------------------------

Anyway, you need to set the SELinux type context on the /custom directory to httpd_sys_content_t, recursively, so that index.html also gets the proper context.

I teach it as (to keep it simple):

1) create the rule:

semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'

2) apply the rule

restorecon -RFv /custom

ex1.JPG

Yes, I know I'm not creating anything -- and it isn't a "rule" -- I'm adding an existing type context to an existing directory. I'm just trying to create easy-to-remember routines - a mnemonic device.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College

Re: Selinux sealert

Hey guys,

SELinux is a very powerful tool and it's very good to understand the audit.log file. There is a document from Red Hat that explains each parameter in this file very well, and how to read and understand it better.

In my opinion, once you understand this file better, SELinux operations become easier to perform.

Follow the link:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-und...

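Added example (not part of the original thread and not Red Hat's code): a small Python parser for the AVC denial records in audit.log that the last reply refers to. It extracts the process (source) type, the type the target currently carries, the object class and the denied permissions; the sample records are constructed for httpd reading a /custom directory.

```python
import re

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1600000000.123:451): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/custom/index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1600000000.123:451): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1600000000.456:452): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0:c0.c1023 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def context_type(context):
    """Return the type field of user:role:type:level.

    The level may itself contain ':' (for example s0:c0.c1023), so split
    at most three times instead of taking the second-to-last field.
    """
    return context.split(':', 3)[2]


def parse_avc(line):
    """Parse one audit.log line; return a dict for AVC denials, else None."""
    m = AVC_RE.search(line)
    if not line.startswith('type=AVC') or m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'target': fields.get('path') or fields.get('name'),
        'source_type': context_type(fields['scontext']),
        'target_type': context_type(fields['tcontext']),  # current label
        'tclass': fields.get('tclass'),
    }


def summarize(log_text):
    """Group denials by (source type, target type, class), merging permissions."""
    summary = {}
    for line in log_text.splitlines():
        denial = parse_avc(line)
        if denial:
            key = (denial['source_type'], denial['target_type'], denial['tclass'])
            summary.setdefault(key, set()).update(denial['perms'])
    return summary


if __name__ == '__main__':
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f'{src} denied {sorted(perms)} on {cls} labeled {tgt}')
```

The tcontext in a denial is the label the file has at the time of the access, which is why the record alone shows default_t here rather than the httpd_sys_content_t type set with semanage fcontext and restorecon in the first reply.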