[Xymon] SELinux AVC denials

Dominique Frise dominique.frise at unil.ch
Mon Jul 9 07:46:43 CEST 2012


On RHEL5/6, if you have the setroubleshoot package installed, all 
problems detected by SELinux are written in /var/log/messages with the 
"setroubleshoot" identifier.
Then it is easy to fire alerts with simple regexps in analysis.cfg.

Dominique

On 07/ 9/12 06:45 AM, Colin Coe wrote:
> Hi all
>
> Anyone out there using Xymon to monitor for SELinux AVC denials? If
> so, how are you doing this?
>
> Thanks
>
> CC
>



More information about the Xymon mailing list