Getting the user ID in log messages...

Levine, Daniel J. Daniel.Levine at jhuapl.edu
Wed Jun 9 15:02:04 UTC 2004


Hi guys,
 
First let me start off by saying that I've been running Fedora Core 2 with
SELinux in permissive mode since a few days after it was released officially
with no real system problems.
 
That being said, I'm trying to understand how to do things properly to
maintain the integrity of the system and perform the auditing I desire.  Is
there a good place to look which documents the SELinux relevant commands?
The Fedora Core 2 SELinux FAQ has some interesting info, but relatively few
commands.  A Gentoo related site gave me some command ideas.  Perhaps this
is on the documentation CD for Fedora Core 2, which I have yet to download?
I expected to be able to hunt through the man pages starting with man
selinux, but that didn't pan out.  I found some other references online
called the Getting Started with SE Linux HOWTO and Gentoo SE Linux HOWTO,
but these offered some commands not available in the Fedora Core 2
implementation.  To be more specific, I have been able to type "id" and
"newrole", but not able to type "rlpkg" and "run_init".  Re-labeling a file
system is something they do with "cd /etc/security/selinux/src/policy; make
relabel", but I was unable to find the equivalent.
 
I have a very specific issue that I'm trying to figure out.  For some
reason, when a role violation (perhaps there's a better phrase) occurs and a
log message is produced in /var/log/messages, I would like to see a user id and
the context.  For example, in "Getting Started with SE Linux HOWTO" (7.
Explanation of log file messages) the example shows the following scontext:
 
scontext: faye:user_r:user_t
 
This is great, as I would know to contact the user faye and ask about the
situation.  But on my Fedora Core 2 machine, my /var/log/messages produces:
 
scontext: user_u:user_r:user_t
 
This is not so useful, as I have no idea who user_u is.  I am using NIS for
this system.  Typing "id" on my system produces:
 
uid=706(dan) gid=20(games) groups=20(games),501(test)
context=user_u:user_r:user_t
 
So I guess everything is consistent with the log entry as far as the system
is concerned.  I just don't want a generic user_u to get filled in for
violations.  I want the specific user id and name.  Perhaps I need to
configure some more stuff for use with NIS?
 
Daniel J. Levine
Section Supervisor
Johns Hopkins University
Applied Physics Laboratory
443-778-3952 240-228-3952
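The scontext the post quotes has the form user:role:type; only its first field can point at a person, and a generic user_u identity tells the auditor nothing. As an added example (not code from the post, the HOWTO, or Fedora), here is a small Python parser that pulls AVC denials out of syslog lines, accepts both the "scontext=" form written by the kernel and the "scontext: " form shown in the quoted HOWTO, and separates denials that carry a named SELinux user from those that carry only a generic identity. The GENERIC_USERS set, the extra fields it extracts, and the sample log lines are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption for this example: SELinux identities that cannot be tied to a
# person.  user_u is what the post's Fedora Core 2 box reports for everyone.
GENERIC_USERS = {"user_u", "system_u"}

# Accept "scontext=u:r:t" (kernel AVC lines) as well as the "scontext: u:r:t"
# spelling used by the HOWTO quoted in the post.
_CTX_RE = re.compile(r"\b(scontext|tcontext)[=:]\s*(\S+)")
_DENIED_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
_FIELD_RE = re.compile(r"\b(pid|exe|name|tclass)=(\S+)")


@dataclass
class Denial:
    perms: Tuple[str, ...]   # permissions inside the { ... } braces
    suser: str               # SELinux user: first field of scontext
    srole: str
    stype: str
    tcontext: str
    fields: Dict[str, str]   # pid/exe/name/tclass when present

    @property
    def attributable(self) -> bool:
        """True when the SELinux user names an account rather than user_u."""
        return self.suser not in GENERIC_USERS


def parse_avc(line: str) -> Optional[Denial]:
    """Parse one syslog line; return None unless it is an AVC denial."""
    m = _DENIED_RE.search(line)
    if not m:
        return None
    ctx = dict(_CTX_RE.findall(line))
    parts = ctx.get("scontext", "").split(":")
    if len(parts) < 3:          # malformed or missing source context
        return None
    return Denial(
        perms=tuple(m.group(1).split()),
        suser=parts[0], srole=parts[1], stype=parts[2],
        tcontext=ctx.get("tcontext", ""),
        fields=dict(_FIELD_RE.findall(line)),
    )


def report(lines: List[str]) -> Tuple[List[Denial], List[Denial]]:
    """Split a log into denials you can attribute and ones you cannot."""
    named, generic = [], []
    for line in lines:
        d = parse_avc(line)
        if d is None:
            continue
        (named if d.attributable else generic).append(d)
    return named, generic


# Constructed sample lines modelled on the two scontext forms in the post.
SAMPLE_LOG = [
    "Jun  9 10:31:02 fc2 kernel: audit(1086777062.463:0): avc:  denied  { read } for  "
    "pid=4321 exe=/bin/cat name=shadow dev=hda2 ino=98765 "
    "scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file",
    "Jun  9 10:32:10 fc2 kernel: audit(1086777130.101:0): avc:  denied  { write } for  "
    "pid=4330 exe=/usr/bin/vim name=hosts dev=hda2 ino=12345 "
    "scontext=faye:user_r:user_t tcontext=system_u:object_r:etc_t tclass=file",
    "Jun  9 10:33:00 fc2 sshd[4400]: Accepted password for dan from 10.0.0.5 port 40123 ssh2",
    "Jun  9 10:34:00 fc2 kernel: avc:  denied  { getattr } for  pid=4411 exe=/bin/ls "
    "scontext: user_u:user_r:user_t tcontext: root:object_r:user_home_dir_t tclass=dir",
]

if __name__ == "__main__":
    named, generic = report(SAMPLE_LOG)
    for d in named:
        print("contact", d.suser, "about", d.perms, d.fields)
    for d in generic:
        print("unattributable:", d.suser, d.perms, d.fields)
```

Run against a real /var/log/messages, the "unattributable" list is exactly the set of denials the post complains about: the role and type are there, but the first field is user_u and the only remaining handles are the pid and exe on the line.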
 