
Process Statistics for RHEL5.5

For RHEL Enterprise Linux 5.5 with selinux-policy-2.4.6-277 (not the latest, but it is just for a first analysis).

I follow what you have done for FC-12.

In the commands that follow (seinfo, sesearch), the xx variable is equal to the result of this shell script on FC12, because I need a new version of setools-console:

$ rpmbuild -bi /tmp/selinux-policy-2.4.6-277.el5.src.rpm
$ cd /root/rpmbuild/BUILDROOT/selinux-policy-2.4.6-277.fc12.x86_64/usr/share/selinux/targeted
$ xx="$PWD/base.pp $(ls -1 $PWD/*.pp | grep -E -v "(base.pp|enableaudit.pp)")"



A good estimate of the number of different confined processes is to count the number of types with the domain attribute.

seinfo -adomain -x $xx | tail -n +2 | wc -l
279

Not all domain types are confined. If we want to look at the number of unconfined domains, we can use the unconfined_domain attribute.

seinfo -aunconfined_domain_type -x $xx | tail -n +2 | wc -l
49

Unconfined Domains
---------------------
ada_t | anaconda_t | apmd_t | clvmd_t
depmod_t | firstboot_t | fsadm_t | hald_t
httpd_unconfined_script_t | inetd_child_t | inetd_t
init_t | initrc_t | insmod_t | java_t
kernel_t | kudzu_t | ldconfig_t | local_login_t
logrotate_t | lvm_t | mdadm_t | mono_t
mount_t | pegasus_t | prelink_t | readahead_t
remote_login_t | rpm_script_t | rpm_t | rshd_t
samba_unconfined_script_t | semanage_gui_t | sendmail_t | udev_t
unconfined_execmem_t | unconfined_mount_t | unconfined_t | useradd_t
wine_t | xdm_t | xdm_xserver_t | xend_t
ricci_modcluster_t | virtd_t | qemu_unconfined_t | rgmanager_t

In RHEL5.5 permissive domains don't exist.

A couple of other interesting statistics.

Total number of file types.

seinfo -afile_type -x $xx | tail -n +2 | wc -l

1043

In order to get the number of allow rules, you need to use sesearch

sesearch --allow $xx | wc -l
80640

Dontaudit Rules

sesearch --dontaudit $xx | wc -l

10171

********************************************************

Does this seem consistent? Definitely not an easy way, but the results could be useful for comparison
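
The two seinfo counts in the comment above can be combined to list the domains that are actually confined (types with the domain attribute but without unconfined_domain_type). This is an added example, not part of the original comment; the function names are hypothetical, the sample input is constructed, and it assumes seinfo prints one header line followed by indented type names, as the `tail -n +2` in the comment implies.

```shell
#!/bin/sh
# Added example: derive the confined-domain list from two saved seinfo outputs.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Read `seinfo -a<attr> -x` output on stdin: skip the header line (as the
# comment does with `tail -n +2`), trim whitespace, emit a sorted unique list.
attr_types() {
    tail -n +2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | grep -v '^$' | sort -u
}

# confined_domains DOMAIN_FILE UNCONFINED_FILE
# Print types present in the first list but absent from the second.
confined_domains() {
    d=$(mktemp) && u=$(mktemp) || return 1
    attr_types < "$1" > "$d"
    attr_types < "$2" > "$u"
    comm -23 "$d" "$u"
    rm -f "$d" "$u"
}

# confined_count DOMAIN_FILE UNCONFINED_FILE
# Same set difference, reported as a number.
confined_count() {
    confined_domains "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample input (not real policy output), shaped like seinfo's
# attribute listing: header line, then one indented type per line.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '   domain\n      httpd_t\n      unconfined_t\n      named_t\n      rpm_t\n      sshd_t\n' \
    > "$sample_dir/domain.txt"
printf '   unconfined_domain_type\n      rpm_t\n      unconfined_t\n' \
    > "$sample_dir/unconfined.txt"

echo "confined domains: $(confined_count "$sample_dir/domain.txt" "$sample_dir/unconfined.txt")"
confined_domains "$sample_dir/domain.txt" "$sample_dir/unconfined.txt"
```

On a real policy, save the output of `seinfo -adomain -x $xx` and `seinfo -aunconfined_domain_type -x $xx` to two files and pass them to `confined_domains`.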
