[Xymon] SELinux AVC denials
Dominique Frise
dominique.frise at unil.ch
Mon Jul 9 07:46:43 CEST 2012
On RHEL5/6, if you have the setroubleshoot package installed, all
problems detected by SELinux are written in /var/log/messages with the
"setroubleshoot" identifier.
Then it is easy to fire alerts with simple regexps in analysis.cfg.
Dominique
On 07/ 9/12 06:45 AM, Colin Coe wrote:
> Hi all
>
> Anyone out there using Xymon to monitor for SELinux AVC denials? If
> so, how are you doing this?
>
> Thanks
>
> CC
>
More information about the Xymon
mailing list