RHEL6 and SElinux

One of the most important packages to run successfully RHEL6 and SElinux is the setroubleshoot package. It includes useful tools like the setroubleshoot daemon and utils like sealert, sestatus…..

So lets see whats the sestatus of my system:
[root@rhel1 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Ok so assuming i want to set up an ftp server. I know my configuration is correct. Permissions on the directories are set etc… But ftp still do not let me write to the directory.  So i need to have a tool which shows me the audit.log of selinux. This can be done with sealert.

If you only have a console available and no X-Window System you can use the command

#sealert -a /var/log/audit/audit.log > myselinuxerrors.txt

or if you have gui

#sealert -b

Mostly you will find hints like

To let anonymous users write to a ftp directory set allow_ftpd_anon_write to 1

to do this just set

#setsebool -P allow_ftpd_anon_write=1

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.