[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: audit log for "setenforce" changes?

From: Stephen Smalley <sds tycho nsa gov>
To: Chuck Anderson <cra WPI EDU>
Cc: fedora-selinux-list redhat com
Subject: Re: audit log for "setenforce" changes?
Date: Mon, 14 Jan 2008 12:48:33 -0500

On Mon, 2008-01-14 at 12:35 -0500, Chuck Anderson wrote:
> On Sat, Jan 12, 2008 at 08:37:04AM -0500, Eric Paris wrote:
> > Do you have auditd running?  If not look in dmesg or /var/log/messages
> > instead of ausearch because it seems to be working fine for me....
> 
> Yes, I do have auditd running.
> 
> #service auditd status
> auditd (pid 2523) is running...
> #service rsyslog status
> rsyslogd (pid 19658) is running...
> rklogd (pid 19664) is running...
> #ausearch  -m MAC_STATUS
> <no matches>
> #setenforce 0
> #ausearch -m MAC_STATUS
> <no matches>
> #setenforce 1
> #ausearch -m MAC_STATUS
> <no matches>
> #setenforce 0
> #ausearch -m MAC_STATUS
> <no matches>
> #grep setenforce /var/log/messages
> #grep setenforce /var/log/syslog
> #grep setenforce /var/log/secure
> #dmesg|grep setenforce

kernel version?
audit version?

-- 
Stephen Smalley
National Security Agency

References:
- audit log for "setenforce" changes?
  - From: Chuck Anderson
- Re: audit log for "setenforce" changes?
  - From: Stephen Smalley
- Re: audit log for "setenforce" changes?
  - From: Chuck Anderson
- Re: audit log for "setenforce" changes?
  - From: Eric Paris
- Re: audit log for "setenforce" changes?
  - From: Chuck Anderson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]