Audit2allowRecipe - Revision history

DominickGrift at 15:57, 20 June 2011

DominickGrift — Mon, 20 Jun 2011 15:57:50 GMT

←Older revision		Revision as of 15:57, 20 June 2011
Line 19:		Line 19:
	semodule -i local.pp		semodule -i local.pp

-	You can view the rules to be added in the local.te file. If you are satisfied, run the "semodule -i local.pp" command to install the module. You can mail an SELinux list, such as the [https://~~www~~.~~redhat~~.~~com~~/mailman/listinfo/~~fedora-~~selinux~~-list~~ Fedora SELinux list] or the [http://www.nsa.gov/research/selinux/list.shtml NSA SELinux mailing list], to ask for review of your module before you install it.	+	You can view the rules to be added in the local.te file. If you are satisfied, run the "semodule -i local.pp" command to install the module. You can mail an SELinux list, such as the [https://admin.fedoraproject.org/mailman/listinfo/selinux Fedora SELinux list] or the [http://www.nsa.gov/research/selinux/list.shtml NSA SELinux mailing list], to ask for review of your module before you install it.

	[[Category:Recipes]]		[[Category:Recipes]]

Jaxelson: added category

Jaxelson — Tue, 31 Aug 2010 18:27:35 GMT

added category

←Older revision		Revision as of 18:27, 31 August 2010
Line 20:		Line 20:

	You can view the rules to be added in the local.te file. If you are satisfied, run the "semodule -i local.pp" command to install the module. You can mail an SELinux list, such as the [https://www.redhat.com/mailman/listinfo/fedora-selinux-list Fedora SELinux list] or the [http://www.nsa.gov/research/selinux/list.shtml NSA SELinux mailing list], to ask for review of your module before you install it.		You can view the rules to be added in the local.te file. If you are satisfied, run the "semodule -i local.pp" command to install the module. You can mail an SELinux list, such as the [https://www.redhat.com/mailman/listinfo/fedora-selinux-list Fedora SELinux list] or the [http://www.nsa.gov/research/selinux/list.shtml NSA SELinux mailing list], to ask for review of your module before you install it.
		+
		+	[[Category:Recipes]]

MurrayMcAllister: text review

MurrayMcAllister — Wed, 25 Nov 2009 09:36:15 GMT

text review

←Older revision		Revision as of 09:36, 25 November 2009
Line 1:		Line 1:
-	If ~~you are getting denied~~ access for something you believe should be allowed you can add rules to your policy with audit2allow.	+	If SELinux is denying access for something you believe should be allowed, you can add rules to your policy with the audit2allow program.

-	First, find out if ~~you are running~~ auditd~~, you can do this with ps~~:	+	First, run the "ps -ef \| grep auditd" command to find out if auditd is running:

-	~~[root@localhost ~]~~# ps -ef \| grep auditd	+	# ps -ef \| grep auditd
	root 69 2 0 Sep26 ? 00:00:00 [kauditd]		root 69 2 0 Sep26 ? 00:00:00 [kauditd]
	root 1159 1 0 Sep26 ? 00:00:00 auditd		root 1159 1 0 Sep26 ? 00:00:00 auditd

-	If ~~you see~~ auditd running, as above, ~~you'll want to~~ use the -a option with audit2allow, ~~else you'll~~ use the -d option.	+	If auditd is running, as shown above, use the "-a" option with audit2allow. If it is not running, use the "-d" option.

-	The -l option ~~only~~ reads denials since the last policy reload and the -M option ~~lets you create~~ a module to ~~add the rule to~~.	+	The "-l" option reads denials since the last policy reload, and the "-M" option creates a module with rules to allow those denials.

-	~~If you have previously used a~~ module name ~~you'll want to choose a new name~~. For example, if you run ~~this~~ once with -M local ~~you'll~~ want to ~~use~~ a different name ~~next time~~, ~~like~~ -M local2.	+	Do not use the "-M" option to specify the same module name more than once. For example, if you run the command below once with "-M local", and want to run it again later, choose a different name, such as "-M local2".

-	~~[root@localhost ~]~~# audit2allow -l -a -M local	+	# audit2allow -l -a -M local
	****************** IMPORTANT *********************		****************** IMPORTANT *********************
	To make this policy package active, execute:		To make this policy package active, execute:
Line 19:		Line 19:
	semodule -i local.pp		semodule -i local.pp

-	You can ~~take a look at~~ the rules ~~that will~~ be added in local.te~~, and if~~ you are satisfied ~~you can~~ run semodule -i local.pp as ~~above~~.	+	You can view the rules to be added in the local.te file. If you are satisfied, run the "semodule -i local.pp" command to install the module. You can mail an SELinux list, such as the [https://www.redhat.com/mailman/listinfo/fedora-selinux-list Fedora SELinux list] or the [http://www.nsa.gov/research/selinux/list.shtml NSA SELinux mailing list], to ask for review of your module before you install it.

JoshuaBrindle: add -l to audit2allow call

JoshuaBrindle — Tue, 29 Sep 2009 15:04:22 GMT

add -l to audit2allow call

←Older revision		Revision as of 15:04, 29 September 2009
Line 13:		Line 13:
	If you have previously used a module name you'll want to choose a new name. For example, if you run this once with -M local you'll want to use a different name next time, like -M local2.		If you have previously used a module name you'll want to choose a new name. For example, if you run this once with -M local you'll want to use a different name next time, like -M local2.

-	[root@localhost ~]# audit2allow -a -M local	+	[root@localhost ~]# audit2allow -l -a -M local
	****************** IMPORTANT *********************		****************** IMPORTANT *********************
	To make this policy package active, execute:		To make this policy package active, execute:

JoshuaBrindle: New page: If you are getting denied access for something you believe should be allowed you can add rules to your policy with audit2allow. First, find out if you are running auditd, you can do this ...

JoshuaBrindle — Tue, 29 Sep 2009 14:52:54 GMT

New page: If you are getting denied access for something you believe should be allowed you can add rules to your policy with audit2allow. First, find out if you are running auditd, you can do this ...

New page

If you are getting denied access for something you believe should be allowed you can add rules to your policy with audit2allow.

First, find out if you are running auditd, you can do this with ps:

[root@localhost ~]# ps -ef | grep auditd
root 69 2 0 Sep26 ? 00:00:00 [kauditd]
root 1159 1 0 Sep26 ? 00:00:00 auditd

If you see auditd running, as above, you'll want to use the -a option with audit2allow, else you'll use the -d option.

The -l option only reads denials since the last policy reload and the -M option lets you create a module to add the rule to.

If you have previously used a module name you'll want to choose a new name. For example, if you run this once with -M local you'll want to use a different name next time, like -M local2.

[root@localhost ~]# audit2allow -a -M local
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i local.pp

You can take a look at the rules that will be added in local.te, and if you are satisfied you can run semodule -i local.pp as above.