audit log for "setenforce" changes?
Chuck Anderson
cra at WPI.EDU
Mon Jan 14 17:35:32 UTC 2008
On Sat, Jan 12, 2008 at 08:37:04AM -0500, Eric Paris wrote:
> Do you have auditd running? If not look in dmesg or /var/log/messages
> instead of ausearch because it seems to be working fine for me....

Yes, I do have auditd running.

#service auditd status
auditd (pid 2523) is running...
#service rsyslog status
rsyslogd (pid 19658) is running...
rklogd (pid 19664) is running...
#ausearch -m MAC_STATUS
<no matches>
#setenforce 0
#ausearch -m MAC_STATUS
<no matches>
#setenforce 1
#ausearch -m MAC_STATUS
<no matches>
#setenforce 0
#ausearch -m MAC_STATUS
<no matches>
#grep setenforce /var/log/messages
#grep setenforce /var/log/syslog
#grep setenforce /var/log/secure
#dmesg|grep setenforce

More information about the fedora-selinux-list mailing list