Previous Entry Share Next Entry
setroubleshoot for servers
In Fedora 6 and Red Hat Enterprise Linux 5 we introduced setroubleshoot.   This is a tool which listens for AVC audit messages and then runs them through a database of plugins looking for a match, and then trying to explain what SELinux has prevented and how to fix the problem or to react to a potential break in.  It has been fairly successful in explaining what SELinux is doing. Most people that have used setroubleshoot see a bubble window appear in the top tool bar and the "old West Sheriff Star" appear.  If you click on the Star, the message appears.  

This is great for the Desktop, but what about people using this on servers?

Setroubleshoot can be run without X windows and without the GUI.  setroubleshoot is broken into three different RPMS.

On Fedora 9:

# rpm -qa setroubleshoot\*

On a server only machine you can install just the server and the plugins.  You only need setroubleshoot if you are using the graphical interfaces. With the server component installed you will see messages like the following  appear in /var/log/messages.

Jul  1 22:03:01 localhost setroubleshoot: SELinux is preventing semodule (staff_t) "read" to ./BackupPC.pp (semanage_store_t). For complete SELinux messages. run sealert -l bca0cd18-5a5b-4cc5-9b08-5f5778439b2c

You can then use sealert to look at any AVC messages you get.  sealert also has a neat feature, that you can execute 'sealert -l \*' to look at all the alert messages that you received.
While these messages do not instantly appear on you desktop, you can still use setroubleshoot on a server.

If you want to receive email whenever SELinux reports a problem, you can configure setroubleshoot-server to send email messages.  Edit /var/lib/setroubleshoot/email_alert_recipients, add a line containing your email address, if you only want email the first time an alert fires and not subsequently add "filter_type=after_first" after the email address.

Partially borrowed from an Email message from John Dennis.

  • 1

Re: setroubleshoot client / server connection

Hi dan,
sorry about this. But I figured all out. It is iptables, which I thought i disabled it, but apparently it did not.

Thanks for ur time again :)

  • 1

Log in