Bash Functions To Manipulate SELinux Policy

Posted by Pizon on March 06, 2008

SELinux is a great tool for keeping your server secure. The problem many people run into is configuring the security policy so that their services are allowed to do what they legitimately need to do. Red Hat-derived Linux distributions provide the audit2allow utility, which reads the access denials recorded in the audit log and generates the policy rules that would permit them.

To make creating SELinux policy even easier, add the following bash functions to your shell profile:

    # Shared preconditions for both functions: running as root, getenforce is
    # available, and SELinux is in Enforcing mode. Prints the path of the audit
    # log on success and returns non-zero otherwise.
    # Note: denials are also logged in Permissive mode (the usual mode for
    # collecting them); the Enforcing check keeps the original behaviour.
    function _selinux_audit_log {
        local caller="$1"
        local getenforce audit
        if [ "$EUID" -ne 0 ] || [ "$USER" != "root" ]
        then
            echo "$caller must be run as root." >&2
            return 1
        fi
        getenforce="$(command -v getenforce)"
        if [ -z "$getenforce" ] || [ "$("$getenforce")" != "Enforcing" ]
        then
            return 1
        fi
        # Prefer the standard auditd log location; fall back to the locate
        # database (which may be stale) and keep only the first match so the
        # redirect in the caller never sees more than one path.
        audit="/var/log/audit/audit.log"
        if [ ! -r "$audit" ]
        then
            audit="$(locate audit.log | grep '/audit.log$' | head -n 1)"
        fi
        if [ ! -r "$audit" ]
        then
            echo "$caller: audit.log not found." >&2
            return 1
        fi
        echo "$audit"
    }

    # Show the allow rules audit2allow would generate from the logged denials,
    # without writing anything. Review this output before running mkpolicy.
    function chkaudit {
        local audit
        audit="$(_selinux_audit_log chkaudit)" || return 1
        echo "Checking $audit for violations..."
        audit2allow < "$audit"
    }

    # Build a loadable policy module named "local" from the logged denials.
    # audit2allow -M writes local.te (readable source) and local.pp (compiled
    # module) into the current directory; it does not load them. Inspect
    # local.te, then load the module with: semodule -i local.pp
    function mkpolicy {
        local audit
        audit="$(_selinux_audit_log mkpolicy)" || return 1
        echo "Updating SELinux policy..."
        audit2allow -M local < "$audit"
    }

These functions are known to work on CentOS release 5 and should work on any Linux distribution derived from Red Hat Linux.
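Because audit2allow turns every denial in the log into an allow rule, it pays to know what is in the log before generating a module. The script below is an added example, not part of the original post: it reads AVC denial records in the format auditd writes to audit.log, collapses them into one line per distinct (source type, target type, class, permission) tuple with a count, and then rewrites each tuple in the allow-rule notation that audit2allow emits, so the reviewer can see which rules a module built from this log would grant. The log lines in SAMPLE_AVC are constructed for the demonstration and the helper names summarize_avc and avc_to_rule are this example's own; the rule formatter always wraps the permission set in braces, which is valid policy syntax even for a single permission.

```shell
#!/bin/sh
# Constructed sample audit records (made up for this example, not from a real
# host). Two are the same denial repeated, one is a non-AVC SYSCALL record that
# must be ignored, and one is a network denial.
SAMPLE_AVC='type=AVC msg=audit(1204790400.123:45): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1204790401.456:46): avc:  denied  { write } for  pid=2345 comm="httpd" name="upload" dev=sda1 ino=12346 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1204790401.456:46): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1204790402.789:47): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1204790403.000:48): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# summarize_avc: read audit records on stdin and print one line per distinct
# "<source type> <target type> <class> { <permissions> }" with its count,
# most frequent first. Only type=AVC records containing "denied" are counted.
summarize_avc() {
    awk '
    /type=AVC/ && /denied/ {
        perm = ""; s = ""; t = ""; c = ""
        # The permission set is the text between the braces.
        if (match($0, /\{[^}]*\}/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perm)
        }
        # scontext/tcontext are user:role:type:level; the type is field 3.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split($i, b, ":"); t = b[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        count[s " " t " " c " { " perm " }"]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# avc_to_rule: turn each summary line into the allow rule that a module built
# from these denials would contain, e.g. "allow httpd_t user_home_t:file { read };".
avc_to_rule() {
    awk '{
        rest = $0
        sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", rest)   # drop count, source, target, class
        printf "allow %s %s:%s %s;\n", $2, $3, $4, rest
    }'
}

# Usage: on a real host, replace the printf with: cat /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AVC" | summarize_avc
printf '%s\n' "$SAMPLE_AVC" | summarize_avc | avc_to_rule
```

The summary makes the review question concrete for each line: a denial caused by a mislabeled file (here httpd reading from user_home_t) is better fixed by relabeling the file than by loading a rule that lets the web server read home directories, whereas a denial a service genuinely needs is a candidate for the module. Only after that pass does it make sense to run mkpolicy above.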
