selinux-faq/en_US selinux-faq.xml,1.2,1.3
Chad Sellers (csellers)
fedora-docs-commits at redhat.com
Fri Mar 24 17:56:41 UTC 2006
Author: csellers
Update of /cvs/docs/selinux-faq/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15666
Modified Files:
selinux-faq.xml
Log Message:
updated log file location for FC5 release, added targeted domains FAQ
Index: selinux-faq.xml
===================================================================
RCS file: /cvs/docs/selinux-faq/en_US/selinux-faq.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- selinux-faq.xml 22 Mar 2006 03:04:53 -0000 1.2
+++ selinux-faq.xml 24 Mar 2006 17:56:33 -0000 1.3
@@ -333,55 +333,103 @@
</para>
</answer>
</qandaentry>
-<!-- Need to update this for FC5
<qandaentry>
<question>
<para>
- What daemons are protected by the targeted policy?
+ What programs are protected by the targeted policy?
</para>
</question>
<answer>
<para>
- Currently, the list of daemons is:
+ Currently, the list of programs is approximately:
</para>
- <itemizedlist>
- <listitem>
- <para><command>dhcpd</command></para>
- </listitem>
- <listitem>
- <para><command>httpd</command>
- (<filename>apache.te</filename>)</para>
- </listitem>
- <listitem>
- <para><command>named</command></para>
- </listitem>
- <listitem>
- <para><command>nscd</command></para>
- </listitem>
- <listitem>
- <para><command>ntpd</command></para>
- </listitem>
- <listitem>
- <para><command>portmap</command></para>
- </listitem>
- <listitem>
- <para><command>snmpd</command></para>
- </listitem>
- <listitem>
- <para><command>squid</command></para>
- </listitem>
- <listitem>
- <para><command>syslogd</command></para>
- </listitem>
- </itemizedlist>
<para>
- The policy files for these daemons are found in
- <filename>/etc/selinux/targeted/src/policy/domains/program</filename>.
- In the future, more daemons will be added to the targeted policy
- protection.
- </para>
+ <filename>accton</filename>,
+ <filename>amanda</filename>,
+ <filename>httpd</filename> (apache),
+ <filename>arpwatch</filename>,
+ <filename>pam</filename>,
+ <filename>automount</filename>,
+ <filename>avahi</filename>,
+ <filename>named</filename>,
+ <filename>bluez</filename>,
+ <filename>lilo</filename>,
+ <filename>grub</filename>,
+ <filename>canna</filename>,
+ <filename>comsat</filename>,
+ <filename>cpucontrol</filename>,
+ <filename>cpuspeed</filename>,
+ <filename>cups</filename>,
+ <filename>cvs</filename>,
+ <filename>cyrus</filename>,
+ <filename>dbskkd</filename>,
+ <filename>dbus</filename>,
+ <filename>dhcpd</filename>,
+ <filename>dictd</filename>,
+ <filename>dmidecode</filename>,
+ <filename>dovecot</filename>,
+ <filename>fetchmail</filename>,
+ <filename>fingerd</filename>,
+ <filename>ftpd</filename> (vsftpd, proftpd, and muddleftpd),
+ <filename>gpm</filename>,
+ <filename>hald</filename>,
+ <filename>hotplug</filename>,
+ <filename>howl</filename>,
+ <filename>innd</filename>,
+ <filename>kerberos</filename>,
+ <filename>ktalkd</filename>,
+ <filename>openldap</filename>,
+ <filename>auditd</filename>,
+ <filename>syslog</filename>,
+ <filename>logwatch</filename>,
+ <filename>lpd</filename>,
+ <filename>lvm</filename>,
+ <filename>mailman</filename>,
+ <filename>module-init-tools</filename>,
+ <filename>mount</filename>,
+ <filename>mysql</filename>,
+ <filename>NetworkManager</filename>,
+ <filename>NIS</filename>,
+ <filename>nscd</filename>,
+ <filename>ntp</filename>,
+ <filename>pegasus</filename>,
+ <filename>portmap</filename>,
+ <filename>postfix</filename>,
+ <filename>postgresql</filename>,
+ <filename>pppd</filename>,
+ <filename>pptp</filename>,
+ <filename>privoxy</filename>,
+ <filename>procmail</filename>,
+ <filename>radiusd</filename>,
+ <filename>radvd</filename>,
+ <filename>rlogin</filename>,
+ <filename>nfs</filename>,
+ <filename>rsync</filename>,
+ <filename>samba</filename>,
+ <filename>saslauthd</filename>,
+ <filename>snmpd</filename>,
+ <filename>spamd</filename>,
+ <filename>squid</filename>,
+ <filename>stunnel</filename>,
+ <filename>dhcpc</filename>,
+ <filename>ifconfig</filename>,
+ <filename>sysstat</filename>,
+ <filename>tcp wrappers</filename>,
+ <filename>telnetd</filename>,
+ <filename>tftpd</filename>,
+ <filename>updfstab</filename>,
+ <filename>user management</filename> (passwd, useradd, etc.),
+ <filename>crack</filename>,
+ <filename>uucpd</filename>,
+ <filename>vpnc</filename>,
+ <filename>webalizer</filename>,
+ <filename>xend</filename>,
+ <filename>xfs</filename>,
+ <filename>zebra</filename>
+ </para>
</answer>
</qandaentry>
+<!--
<qandaentry>
<question>
<para>
@@ -1099,7 +1147,7 @@
additional customizations.
</para>
<screen>
-<computeroutput>audit2allow -M local -l -i /var/log/audit/audit.log
+<computeroutput>audit2allow -M local -l -i /var/log/messages
Generating type enforcment file: local.te
Compiling policy
checkmodule -M -m -o local.mod local.te
@@ -1113,6 +1161,10 @@
semodule -i local.pp</computeroutput>
</screen>
<para>
+ Note that the above assumes you are not using the audit daemon.
+ If you were using the audit daemon, then you should use
+ <filename>/var/log/audit/audit.log</filename> instead of
+ <filename>/var/log/messages</filename> as your log file.
This will generate a <filename>local.te</filename> file, that
looks something like the following:
</para>
@@ -1475,7 +1527,9 @@
<para>
I get a specific permission denial only when &SEL; is in enforcing
mode, but I don't see any audit messages in
- <filename>/var/log/audit/audit.log</filename>. How can I identify the
+ <filename>/var/log/messages</filename> (or
+ <filename>/var/log/audit/audit.log</filename> if using the audit
+ daemon). How can I identify the
cause of these silent denials?
</para>
</question>
@@ -2243,6 +2297,27 @@
</itemizedlist>
</answer>
</qandaentry>
+ <qandaentry>
+ <question>
+ <para>
+ Where are &SEL; AVC messages (denial logs, etc.) stored?
+ </para>
+ </question>
+ <answer>
+ <para>
+ In &FC; 2 and 3, SELinux AVC messages could be found in
+ <filename>/var/log/messages</filename>.
+ In &FC; 4, the audit daemon was added, and these messages
+ moved to
+ <filename>/var/log/audit/audit.log</filename>.
+ In &FC; 5, the audit daemon is not installed by default, and
+ consequently these messages can be found in
+ <filename>/var/log/messages</filename> unless you choose to
+ install the audit daemon, in which case AVC messages will be in
+ <filename>/var/log/audit/audit.log</filename>.
+ </para>
+ </answer>
+ </qandaentry>
</qandadiv>
<qandadiv id="faq-div-deploying-selinux">
<title>Deploying &SEL;</title>
More information about the Fedora-docs-commits
mailing list