The Geek Diary

Linux OS Service ‘setroubleshoot’

By admin

SELinux (Security Enhanced Linux) provides mandatory access control to the Linux operating system. SELinux is quite pervasive, even if only in PERMISSIVE mode. This can expose latent bugs in non-SELinux components that are not visible unless SELinux is running. Frustrated users have developed the perception that SELinux is difficult to use.

The setroubleshoot service is intended to make SELinux more friendly. It collects SELinux audit events from the kernel and runs a series of analysis plug-ins to examine an access violation detected by SELinux. It then records the results of the analysis and signals any clients which have requested notifications of these events. One tool which makes use of this is the sealert tool, which presents desktop notifications similar to email biff alerts.

SELinux must be enabled to run this service. This is a service to run the daemon /usr/sbin/selinuxenabled tool. Use the command below to install setroubleshoot.

# yum install setroubleshoot

Service Control

How to start or stop this service:

# service setroubleshoot start|stop

Output of “chkconfig --list setroubleshoot”:

# chkconfig --list setroubleshoot
setroubleshoot 	0:off	1:off	2:off	3:on	4:on	5:on	6:off

Examples of all usage options:

# /etc/init.d/setroubleshoot
{start|stop|status|restart|condrestart|reload|cleardb}

The cleardb option is unique to this service. This deletes the current notification database file at /var/lib/setroubleshoot/database.xml and effectively clears the event log.
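
Because cleardb deletes the recorded denials, a copy of the database is worth keeping before it is run. The following script is an added example, not part of the original article: the function names and the archive directory /root/setroubleshoot-archive are assumptions, while the database path and the cleardb action are the ones described above.

```shell
#!/bin/sh
# Added example: keep a verified, read-only copy of the setroubleshoot
# event database before "cleardb" removes it.

DB_DEFAULT=/var/lib/setroubleshoot/database.xml    # path given in the article
ARCHIVE_DEFAULT=/root/setroubleshoot-archive       # assumed archive location

# archive_db SRC DESTDIR
# Copies SRC into DESTDIR under a UTC-timestamped name, verifies the copy by
# SHA-256, records the digest in DESTDIR/SHA256SUMS and prints the new path.
archive_db() {
    src=$1
    destdir=$2
    [ -f "$src" ] || { echo "no database at $src" >&2; return 1; }
    mkdir -p "$destdir" || return 1
    chmod 700 "$destdir" || return 1          # denial records can be sensitive
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    dest="$destdir/database-$stamp.xml"
    cp -p "$src" "$dest" || return 1
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum "$dest" | cut -d' ' -f1)
    if [ "$src_sum" != "$dst_sum" ]; then     # never clear after a bad copy
        rm -f "$dest"
        echo "copy of $src failed verification" >&2
        return 1
    fi
    echo "$dst_sum  $(basename "$dest")" >> "$destdir/SHA256SUMS"
    chmod 400 "$dest"
    echo "$dest"
}

# clear_with_archive [SRC] [DESTDIR]
# Runs the service's cleardb action only if the archive step succeeded.
clear_with_archive() {
    archive_db "${1:-$DB_DEFAULT}" "${2:-$ARCHIVE_DEFAULT}" || return 1
    service setroubleshoot cleardb
}

# Run as root with --clear to archive and then clear the live database.
if [ "${1:-}" = "--clear" ]; then
    clear_with_archive
fi
```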

Configuration

The setroubleshoot service is controlled by the /etc/setroubleshoot/setroubleshoot.cfg configuration file. Most installations can leave this file at its defaults, but you may wish to review it for additional features such as its ability to send email messages for each access denial. The name of the configuration file is /etc/setroubleshoot/setroubleshoot.conf in CentOS/RHEL 7.

Filed Under: Linux, Linux Services

© 2021 · The Geek Diary