Constance Morris wrote: > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx <snip> >> You want a good laugh.....I did copy yours. Oops. >> I do not see any sealert info in the messages log. Do I need to run or >> rather start sealer? > > Nope. If auditd is running, that's all you need. If you see no sealerts in > /var/log/messages, or AVCs in /var/log/audit/audit.log, be happy. The > messages are for specific AVCs on *your* system, they're not generic. <snip> > I do get AVC messages in the audit.log file : > type=AVC msg=audit(1368211292.794:1593): avc: denied { search } for > pid=13587 comm="procmail" name="www" dev=dm-0 ino=3440923 > scontext=system_u:system_r:procmail_t:s0 > tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir Ok, and that really did happen, since you're enforcing, not permissive. There should be a message in /var/log/messages with the kind of wording I posted, and it'll give you the command line for sealert. mark -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
