Set up the SELinux security context of the auditd destination on Oracle Linux, RHEL and CentOS

This article explains the steps to set up the SELinux security context of a new auditd destination on Oracle Linux, RHEL and CentOS.

  • Check the status of SELinux
# getenforce
Enforcing
  • Check the security context of the default audit destination:
# ll -lZd /var/log/audit/
drwx------. root root system_u:object_r:auditd_log_t:s0 /var/log/audit/
# ll -lZ /var/log/audit/
-rw-------. root root system_u:object_r:auditd_log_t:s0 audit.log
  • Create a new destination:
# ll -Zd /audit/
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /audit/
  • Change the auditd log destination:
# grep '/audit' /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
  • To point it at the new destination, edit /etc/audit/auditd.conf:
log_file = /audit/audit.log
  • Set up the auditd context on the new destination:
# semanage fcontext -a -t auditd_log_t /audit
# restorecon -Rv /audit/
  • Check the updated SELinux context:
# ll -Zd /audit
drwxr-xr-x. root root unconfined_u:object_r:auditd_log_t:s0 /audit/
# ll -Z /audit/
-rw-------. root root system_u:object_r:auditd_log_t:s0 audit.log
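As an added example (not from the article), the following POSIX shell helpers check that the directory holding auditd's log_file carries the auditd_log_t type and print the relabelling commands when it does not; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: verify that the directory
# that will hold auditd's log_file already carries the auditd_log_t type,
# and print the labelling commands if it does not. Helper names are mine.

# Print the log_file value from auditd.conf text read on stdin.
auditd_log_file() {
    sed -n 's/^[[:space:]]*log_file[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# Print the SELinux type (third field of user:role:type:level) from an
# `ls -lZd` / `ll -Zd` line read on stdin; works with or without -l.
selinux_type_of_ls_line() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+:/) {
                 split($i, c, ":"); print c[3]; exit } }'
}

# Succeed only when the type is the one auditd is allowed to write to.
is_auditd_log_type() {
    [ "$1" = "auditd_log_t" ]
}

# Print the semanage/restorecon commands for a directory. The (/.*)? suffix
# makes the rule cover files under the directory as well as the directory.
label_commands() {
    printf 'semanage fcontext -a -t auditd_log_t "%s(/.*)?"\n' "$1"
    printf 'restorecon -Rv "%s"\n' "$1"
}

# Live check: read the real config, look at the real directory, and report.
# Returns 0 when the destination is labelled correctly, 1 otherwise.
check_live_destination() {
    log_file=$(auditd_log_file < /etc/audit/auditd.conf)
    dir=$(dirname "$log_file")
    type=$(ls -Zd "$dir" | selinux_type_of_ls_line)
    if is_auditd_log_type "$type"; then
        echo "$dir is labelled $type: OK"
        return 0
    fi
    echo "$dir is labelled ${type:-unknown}; to fix, run:"
    label_commands "$dir"
    return 1
}

# When run directly on a host with auditd installed, report on its destination.
if [ -r /etc/audit/auditd.conf ]; then
    check_live_destination
fi
```

Unlike the article's `semanage fcontext -a -t auditd_log_t /audit`, the generated rule uses the `(/.*)?` suffix so that files already inside the directory are also covered by a later `restorecon -R`.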

Conclusion:

These steps move the auditd log file to a new destination while SELinux stays in Enforcing mode.
