santahwa.blogg.se

Setool setup latest





How does SETools help you out? The SETools package combines a number of different tools to assist you in working with SELinux policies.

  • sediff - Performs diffs on SELinux policy.

You can set up SETools from a package or from source. For Red Hat Enterprise Linux 5 and Fedora Core 6+, packages should exist in the default repositories. On Fedora Core you would install SETools using yum:

(Note: The SETools versions available from the default repositories may not be up to date. At the time of writing, version 3.1 was available.)

Should you need to install SETools via source or you would just like a more recent version, then you need to install some applications. In addition to requiring the standard suite of development tools, SETools also requires the following:

The package names assume you're running Red Hat Enterprise Linux or a variation such as Fedora or CentOS. Many of these prerequisites may already be present on your host. The apol tool also requires BWidget (version 1.7 or later). A BWidget package is included with SETools in the packages directory or you can install it via your distribution's package manager. If you don't need or want to use the GUI tools, you can disable the requirement for BWidget using the --disable-bwidget-check configure script option.

Once you've satisfied all the prerequisites, you can download SETools and compile it. The most current version of SETools is 3.3.1.

# ./configure
# make

After you have compiled SETools, the next step is to install it.

SETools also comes with an audit report integration for Logwatch. With Logwatch and SETools installed you can automate the sending of customized audit reports via email. This turns SETools into a simple host IDS (intrusion detection system).

You can install this integration (you must have Logwatch installed first) via the make install-logwatch target. This will install the required scripts and configuration files into the /etc/logwatch directory. The tools will send email reports via the Logwatch framework. You can also customize those reports to suit your requirements by altering the installed configuration file.

Now that you have SETools installed, you can make some use of it. The most interesting tools to try first are the graphical tools. The first of these tools is the apol policy analyzer. It is a graphical interface that provides the ability to browse and search through your SELinux policy. It has a variety of automated analysis reports that allow you to see how your policies interact and flow.

Next is the seaudit graphical tool which parses the /var/log/messages file and displays all SELinux audit messages. It provides a link between this output and your policies and can query policy for rules related to a particular message. It is also a convenient way of browsing your current SELinux-related log messages.
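To show what the SELinux audit messages that seaudit reads from /var/log/messages contain, the following added example (not part of SETools or of the original page) parses AVC records and counts denials by source type, target type, class and permission. The log lines are constructed samples, and parse_avc and summarize_denials are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog AVC format; not taken from a real host.
SAMPLE_LOG = """\
Jan  8 10:02:11 web1 kernel: audit(1199786531.204:31): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=40112 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jan  8 10:02:12 web1 kernel: audit(1199786532.310:32): avc:  denied  { read getattr } for  pid=2101 comm="httpd" name="style.css" dev=dm-0 ino=40113 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jan  8 10:03:40 web1 sshd[2250]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jan  8 10:05:07 web1 kernel: audit(1199786707.018:40): avc:  denied  { name_bind } for  pid=2330 comm="named" src=8053 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Jan  8 10:06:00 web1 kernel: audit(1199786760.500:41): avc:  granted  { setenforce } for  pid=2400 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for an AVC message, or None for any other log line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    return {
        "result": m.group("result"),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm", "").strip('"'),
        # A context is user:role:type[:level]; the type is the third field.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def summarize_denials(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src} -> {tgt} : {cls} {{ {perm} }}")
```

Repeated denials for one source and target type pair, such as httpd_t reading user_home_t files here, are the entries to look up in the policy.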






