Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




5.2. Which Log File is Used

In Fedora 11, the setroubleshoot-server and audit packages are installed if packages are not removed from the default package selection. These packages include the setroubleshootd and auditd daemons respectively. These daemons run by default.
SELinux denial messages, such as the following, are written to /var/log/audit/audit.log by default:
type=AVC msg=audit(1223024155.684:49): avc:  denied  { getattr } for  pid=2000 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file
Also, if setroubleshootd is running, which it is by default, denial messages from /var/log/audit/audit.log are translated to an easier-to-read form and sent to /var/log/messages:
May  7 18:55:56 localhost setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l de7e30d6-5488-466d-a606-92c9f40d316d
Denial messages are sent to a different location, depending on which daemons are running:
Daemon Log Location
auditd on /var/log/audit/audit.log
auditd off; rsyslogd on /var/log/messages
setroubleshootd, rsyslogd, and auditd on /var/log/audit/audit.log. Easier-to-read denial messages also sent to /var/log/messages
Starting Daemons Automatically
To configure the auditd, rsyslogd, and setroubleshootd daemons to automatically start at boot, run the following commands as the Linux root user:
/sbin/chkconfig --levels 2345 auditd on
/sbin/chkconfig --levels 2345 rsyslog on
/sbin/chkconfig --levels 345 setroubleshoot on
Use the service service-name status command to check if these services are running, for example:
$ /sbin/service auditd status
auditd (pid  
) is running...
If the above services are not running ( service-name is stopped), use the service service-name start command as the Linux root user to start them. For example:
# /sbin/service setroubleshoot start
Starting setroubleshootd:                                  [  OK  ]

  Published under the terms of the GNU General Public License Design by Interspire