Saturday, September 10, 2011

RHEL6 and SElinux

SkyHi @ Saturday, September 10, 2011
One of the most important packages to run successfully RHEL6 and SElinux is the setroubleshoot package. It includes useful tools like the setroubleshoot daemon and utils like sealert, sestatus…..
So lets see whats the sestatus of my system:

[root@rhel1 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Ok so assuming i want to set up an ftp server. I know my configuration is correct. Permissions on the directories are set etc… But ftp still do not let me write to the directory.  So i need to have a tool which shows me the audit.log of selinux. This can be done with sealert.

If you only have a console available and no X-Window System you can use the command
#sealert -a /var/log/audit/audit.log > myselinuxerrors.txt
or if you have gui

#sealert -b
Mostly you will find hints like
To let anonymous users write to a ftp directory set allow_ftpd_anon_write to 1
to do this just set
#setsebool -P allow_ftpd_anon_write=1