Diagnose And Address Routine SELinux Policy Violations
General Information
SELinux Audit Log file
- /var/log/audit/audit.log
- SELinux entries are of type “AVC”
grep AVC /var/log/audit/audit.log
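The plain grep above returns every AVC record, one per line, which is hard to read on a busy host. The following added example (not part of the original page) groups denials by process, source type, target type, object class and permission, and shows whether each was logged in enforcing or permissive mode. The function names `avc_summary` and `sample_avc_log` are hypothetical, the sample records are constructed, and it assumes `comm` values contain no spaces.

```shell
#!/bin/sh
# Added example: group AVC denials from audit.log-style records.
# Real use (as root): avc_summary /var/log/audit/audit.log

# Constructed sample records (not taken from a real system).
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000005.220:502): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.html" dev="dm-0" ino=9002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.330:503): avc:  denied  { name_bind } for  pid=2200 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# avc_summary [FILE...]: reads the files (or stdin) and prints one line per
# distinct denial: count comm source_type target_type class perms mode
avc_summary() {
  awk '
    $1 == "type=AVC" && / denied / {
      comm = src = tgt = cls = perm = "?"; mode = "enforcing"
      # Permission list sits between braces: "{ read write }" -> "read,write"
      if (match($0, /[{][^}]*[}]/)) {
        perm = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perm); gsub(/ +/, ",", perm)
      }
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^comm=/)          { comm = substr($i, 6); gsub(/"/, "", comm) }
        else if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); src = c[3] }
        else if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
        else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        else if ($i == "permissive=1") { mode = "permissive" }  # logged but allowed
      }
      seen[comm " " src " " tgt " " cls " " perm " " mode]++
    }
    END { for (k in seen) print seen[k], k }
  ' "$@" | sort -rn
}

# Stand-alone run over the constructed sample.
sample_avc_log | avc_summary
```

Repeated denials collapse into one line with a count, so the most frequent violation appears first.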
Install SELinux Troubleshooter
yum install setroubleshoot-server
- Once installed, easier-to-understand log entries are written to /var/log/messages, with tips on how to fix any possible issues.
Scan Audit Log
sealert -a /var/log/audit/audit.log
- Analyzes the audit.log file and provides suggestions on how to fix issues.
Other Tips
- Always check the SELinux status: getenforce
- Set permissive mode temporarily to see if SELinux is the issue: setenforce 0
- Set back to enforcing when done, and fix the underlying issue: setenforce 1