Re: SELinux lockdown

On Sat, May 2, 2009 at 2:39 PM, Luke Macken <lmacken@xxxxxxxxxx> wrote:
> Hey everyone,
>
> So I've been doing a lot of SELinux/audit related work behind the scenes
> within our infrastructure for a while now, working closely with Dan
> Walsh and Steve Grubb.  It's taken a lot of patience and hard work, but
> we're finally at the point where we can start switching large portions
> of our infrastructure over to SELinux Enforcing mode.

Congrats... I hearts selinux. I would like to go over how this was all
accomplished.. [I will be looking forward to reading the class Dan
does tomorrow too... ]

> The following server groups are now fully enforcing:
>
>    o gateway
>    o people
>    o planet
>    o fas
>    o collab
>    o releng
>    o db
>    o torrent
>    o dns
>
> These are all groups of machines that have not had any SELinux
> denials in at least a month.  If you notice any issues with
> regard to these groups, please speak up.
>
> I will be keeping a close eye on these machines, and I encourage anyone
> that is interested to do the same.  I threw together a little tool that
> I've been using to monitor & manage SELinux on our machines.  It uses
> func, and allows you to do the following:
>
>    Get the SELinux status:
>
>        selinux-overlord.py --status
>
>    Display all enforced denials:
>
>        selinux-overlord.py --enforced-denials

Oooooh sexy.





-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
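
The quoted announcement moves a server group to Enforcing only after it has gone at least a month without SELinux denials. As an added example (not part of the thread, and not the code of selinux-overlord.py, whose internals are not shown here), this sketch applies that criterion to audit-log AVC lines; the sample log lines, the "app-hypothetical" group and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# AVC records carry their time as msg=audit(<epoch>.<ms>:<serial>).
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+)\.\d+:\d+\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)'
)

def parse_denials(lines):
    """Yield (timestamp, comm, perms, tclass) for every AVC denial line."""
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            ts = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
            yield ts, m["comm"], m["perms"].split(), m["tclass"]

def ready_for_enforcing(group_logs, now, quiet_days=30):
    """Map each group to True if its newest denial is older than quiet_days."""
    cutoff = now - timedelta(days=quiet_days)
    result = {}
    for group, lines in group_logs.items():
        latest = max((ts for ts, *_ in parse_denials(lines)), default=None)
        result[group] = latest is None or latest < cutoff
    return result

# Constructed sample data: one old denial, no denials, one recent denial.
NOW = datetime(2009, 5, 2, tzinfo=timezone.utc)
SAMPLE_LOGS = {
    "db": [
        'type=AVC msg=audit(1235000000.101:77): avc:  denied  { getattr } for  '
        'pid=900 comm="postmaster" path="/tmp/x" dev=dm-0 ino=42 '
        'scontext=system_u:system_r:postgresql_t:s0 '
        'tcontext=system_u:object_r:tmp_t:s0 tclass=file',
    ],
    "dns": ['type=SYSCALL msg=audit(1241000000.500:12): arch=c000003e syscall=2'],
    "app-hypothetical": [
        'type=AVC msg=audit(1241000000.123:456): avc:  denied  { read write } for  '
        'pid=2101 comm="httpd" name="app.conf" dev=dm-0 ino=1234 '
        'scontext=system_u:system_r:httpd_t:s0 '
        'tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file',
    ],
}

if __name__ == "__main__":
    for group, ok in ready_for_enforcing(SAMPLE_LOGS, NOW).items():
        print(f"{group}: {'quiet for 30 days' if ok else 'recent denials'}")
```
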
