not compatible with audit2allow #10

Open
silveraignacio opened this issue Oct 22, 2019 · 1 comment

@silveraignacio

Hello! I could check that these audit rules are not compatible with the output that is expected by audit2allow to fix SELinux issues.
I had to revert the changes, get the default configuration of auditd, and after that I got the expected log type for SELinux issues.
Can you please guide me on how I can achieve that? I need this format for SELinux:

messagestype=AVC msg=audit(1571742292.924:439324): avc: denied { open } for pid=7263 comm="psql" path="/var/lib/zabbix/.pgpass" dev="dm-5" ino=2233826 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0

@kovacs-andras
Contributor

Hi @silveraignacio!
If you take a closer look at the ruleset, there is even a rule in it which will prevent you from getting all the necessary info to make a custom SELinux policy:

```
## Ignore SELinux AVC records
-a always,exclude -F msgtype=AVC
```

I recommend building your policies after dropping all these rules (auditctl -D) or building them on a separate machine where this ruleset is not in use.
Let me know if you need further help either with auditd or SELinux!
Regards,
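
A check for the conflict discussed in this thread, added here as an example (it is not code from the ruleset's repository): it scans audit rules text for exclude-list rules that drop the record types audit2allow reads. The function name, the sample rules other than the AVC rule quoted above, and the choice of AVC and USER_AVC as the needed types are assumptions.

```python
import re
import shlex

# Record types audit2allow builds policy from. Assumption for this example:
# kernel denials (AVC, numeric 1400) and userspace denials (USER_AVC, 1107).
SELINUX_TYPES = {"AVC": "1400", "USER_AVC": "1107"}
FIELD = re.compile(r"^(\w+)(!=|=)(.+)$")  # only = and != tests are evaluated

# Constructed sample; only the msgtype=AVC rule comes from the thread above.
SAMPLE_RULES = """\
-D
-b 8192
## Ignore SELinux AVC records
-a always,exclude -F msgtype=AVC
-a exclude,never -F msgtype=USER_AVC -F uid=0
-a always,exclude -F msgtype=CWD
-w /etc/passwd -p wa -k identity
"""


def suppressed_selinux_records(rules_text):
    """Return (lineno, record_type, unconditional) for every exclude-list
    rule that drops a record type audit2allow needs."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        lists, fields = [], []
        for flag, arg in zip(tokens, tokens[1:]):
            if flag in ("-a", "-A"):
                lists = arg.split(",")  # "always,exclude" in either order
            elif flag == "-F" and FIELD.match(arg):
                fields.append(FIELD.match(arg).groups())
        if "exclude" not in lists:
            continue
        msg = [f for f in fields if f[0] == "msgtype"]
        others = [f for f in fields if f[0] != "msgtype"]
        for name, number in SELINUX_TYPES.items():
            # "=" must name this type; "!=" must name a different one.
            if msg and all((val in (name, number)) == (op == "=")
                           for _, op, val in msg):
                findings.append((lineno, name, not others))
    return findings


if __name__ == "__main__":
    for lineno, rtype, unconditional in suppressed_selinux_records(SAMPLE_RULES):
        scope = "all" if unconditional else "some"
        print(f"line {lineno}: {scope} {rtype} records are excluded")
```

A rule such as `-a always,exclude -F msgtype!=SYSCALL` is also reported, because it excludes every record type except the one it names.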
