[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: audit log for "setenforce" changes?

From: Chuck Anderson <cra WPI EDU>
To: fedora-selinux-list redhat com
Subject: Re: audit log for "setenforce" changes?
Date: Mon, 14 Jan 2008 12:35:32 -0500

On Sat, Jan 12, 2008 at 08:37:04AM -0500, Eric Paris wrote:
> Do you have auditd running?  If not look in dmesg or /var/log/messages
> instead of ausearch because it seems to be working fine for me....

Yes, I do have auditd running.

#service auditd status
auditd (pid 2523) is running...
#service rsyslog status
rsyslogd (pid 19658) is running...
rklogd (pid 19664) is running...
#ausearch  -m MAC_STATUS
<no matches>
#setenforce 0
#ausearch -m MAC_STATUS
<no matches>
#setenforce 1
#ausearch -m MAC_STATUS
<no matches>
#setenforce 0
#ausearch -m MAC_STATUS
<no matches>
#grep setenforce /var/log/messages
#grep setenforce /var/log/syslog
#grep setenforce /var/log/secure
#dmesg|grep setenforce

Follow-Ups:
- Re: audit log for "setenforce" changes?
  - From: Eric Paris
- Re: audit log for "setenforce" changes?
  - From: Stephen Smalley

References:
- audit log for "setenforce" changes?
  - From: Chuck Anderson
- Re: audit log for "setenforce" changes?
  - From: Stephen Smalley
- Re: audit log for "setenforce" changes?
  - From: Chuck Anderson
- Re: audit log for "setenforce" changes?
  - From: Eric Paris

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]