
SELinux sealert

Hi,

I am reviewing the analysis of alerts with sealert. I see that in the execution of sealert we can see the context origin of the process (in my case an httpd) and that of the destination directory (in this case /custom).

How can I see the context that I have to apply? According to the document that I am following, the context should be httpd_sys_content_t, but I can't find a way to know that based on the message from sealert.

 

Tracy_Baker

I haven't gotten there yet, so I've not been playing with SELinux or sealert in RHEL 8.

Is this the entirety of the output? I see that it begins with "Additional Information"

sealert in RHEL 7 would give recommended fixes with confidence ratings, which, in this case, would show the proper type context to use. This information was above the "Additional Information:" section...

RHEL 7 sealert output example (which doesn't show a type context issue - I'm using it simply to show what the format was):

ex2.JPG

...output omitted...

------------------------------------------------------------

Anyway, you need to set the SELinux type context on the /custom directory to httpd_sys_content_t, recursively, so that index.html also gets the proper context.

I teach it as (to keep it simple):

1) create the rule:

semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'

2) apply the rule

restorecon -RFv /custom

ex1.JPG

Yes, I know I'm not creating anything -- and it isn't a "rule" -- I'm adding an existing type context to an existing directory. I'm just trying to create easy-to-remember routines - a mnemonic device.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
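
Added example, not part of any post in this thread: shell functions that pull the source and target contexts out of one AVC denial record, the raw /var/log/audit/audit.log data that sealert analyzes. The sample record is constructed and the function names are hypothetical; the record shows the label the target carries now (here default_t), not the one it needs, so the wanted type httpd_sys_content_t is supplied from the thread.

```shell
#!/bin/sh
# Constructed sample AVC denial (not from the thread), in audit.log layout.
SAMPLE_AVC='type=AVC msg=audit(1600000000.123:456): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/custom/index.html" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY: print the value of KEY=value, quotes stripped.
# Assumes no spaces inside values (audit hex-encodes such paths).
avc_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n && substr($i, 1, n - 1) == key) {
                v = substr($i, n + 1); gsub(/"/, "", v); print v; exit
            }
        }
    }'
}

# selinux_type CONTEXT: a context is user:role:type:level; print the type.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# avc_perms RECORD: print the denied permissions listed between { and }.
avc_perms() { printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'; }

# avc_summary RECORD: who was denied what, and how the target is labelled now.
avc_summary() {
    printf '%s (%s) denied { %s } on %s %s labelled %s\n' \
        "$(avc_field "$1" comm)" \
        "$(selinux_type "$(avc_field "$1" scontext)")" \
        "$(avc_perms "$1")" \
        "$(avc_field "$1" tclass)" \
        "$(avc_field "$1" path)" \
        "$(selinux_type "$(avc_field "$1" tcontext)")"
}

# needs_relabel RECORD WANTED_TYPE: succeed when the target's current type
# differs from the type it should carry.
needs_relabel() {
    [ "$(selinux_type "$(avc_field "$1" tcontext)")" != "$2" ]
}

avc_summary "$SAMPLE_AVC"
if needs_relabel "$SAMPLE_AVC" httpd_sys_content_t; then
    echo "target is not httpd_sys_content_t; relabel as described above"
fi
```
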
EmanuelHaine

Hey guys,

SELinux is a very powerful tool and it's very good to understand the audit.log file. There is a document from Red Hat that explains each parameter in this file very well, and how to read and understand it better.

In my opinion, once you understand this file better, SELinux operations become easier to perform.

Follow the link:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-und...

Jeff_Schaller

Perhaps https://access.redhat.com/solutions/1152803 could be a good reference? The subject of the article is "When attempting to serve content in a non-standard location with Apache it errors out with 'Permission Denied'" and has a brief explanation of the relevant contexts.
