
LAB 4.1 - SELinux logs

Hello everyone,
I've managed to do the lab exercise, however I have a question concerning SELinux.
By default, SELinux was disabled on my VM so I've changed enforce mode to Permissive (by editing the /etc/sysconfig/selinux file), rebooted and changed root password again, just to see what would happen. After reboot, the password was successfully updated but I couldn't find any SELinux reports. I've checked with getenforce and SELinux is indeed in Permissive mode.
Next, I tried setting SELinux to Enforcing mode and either I don't get the login prompt for student, or it doesn't accept the password. So, I guess SELinux is working (?)
Why don't I get any warning messages when in Permissive mode?
In /var/log/messages I get messages like:

Jun 10 09:38:26 second kernel: SELinux:  Initializing.
Jun 10 09:38:26 second systemd[1]: systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Jun 10 09:38:27 second systemd[1]: Successfully loaded SELinux policy in 137.817ms.
Jun 10 09:38:27 second systemd: systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)

/var/log/audit is empty and /var/log/avc* doesn't exist...

Comments

  • lee42x
    lee42x Posts: 380

    Hi k0dard,
    Can you please confirm the course number and version on the cover of the manual? Thanks.

    The "audit" package should be installed; check with "systemctl status auditd". It will create entries in the file /var/log/audit/audit.log. Messages from SELinux generally show up as "AVC". If auditd is running and "setroubleshoot-server" is installed, then the system error log (/var/log/messages on CentOS) will have more verbose entries for the SELinux messages.

    I'm not sure why you are changing the root password. Let me know.

    Regards Lee

  • k0dard
    k0dard Posts: 115

    Hello Lee,
    And thanks for your answer!
    I'm changing the root password because it's a lab exercise in LFS 216...
    Regards k0dard
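
Added example (not part of any post in this thread): Lee's reply says SELinux denials show up as "AVC" records in /var/log/audit/audit.log once auditd is running. The bash script below lists those records and reports whether each access was only logged (permissive) or actually blocked. The sample log lines and the function names sample_audit_log and avc_report are constructed for illustration.

```bash
#!/usr/bin/env bash
# Summarise SELinux AVC denials from audit log records.
# On a live system: avc_report /var/log/audit/audit.log   (run as root)

# Constructed sample records, not taken from the thread.
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1497080306.101:88): arch=c000003e syscall=2 success=yes exit=3 comm="passwd"
type=AVC msg=audit(1497080306.101:88): avc:  denied  { write } for  pid=2211 comm="passwd" name="shadow" dev="dm-0" ino=7001 scontext=unconfined_u:unconfined_r:passwd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1497080411.377:93): avc:  denied  { read } for  pid=2302 comm="login" name="shadow" dev="dm-0" ino=7001 scontext=system_u:system_r:local_login_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1497080500.002:97): avc:  denied  { getattr } for  pid=2400 comm="sshd" path="/etc/shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
EOF
}

# Print one line per AVC denial: <mode> <comm> <permissions> <tclass>
#   logged-only = permissive=1 (access was allowed, denial only recorded)
#   blocked     = permissive=0 (access was refused)
#   unknown     = record carries no permissive= field
# Reads the file given as $1, or stdin when no argument is passed.
avc_report() {
  awk '
    $1 == "type=AVC" && /avc: +denied/ {
      comm = "?"; tclass = "?"; mode = "unknown"; perms = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Collect every permission between the braces.
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perms = perms (perms ? "," : "") $j
        }
        else if ($i ~ /^comm=/)   { comm = substr($i, 6); gsub(/"/, "", comm) }
        else if ($i ~ /^tclass=/) { tclass = substr($i, 8) }
        else if ($i == "permissive=1") mode = "logged-only"
        else if ($i == "permissive=0") mode = "blocked"
      }
      print mode, comm, perms, tclass
    }' "${1:--}"
}

sample_audit_log | avc_report
```

If auditd is not running, the log file will not contain these records, which matches the empty /var/log/audit described in the question.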
