Chapter 5. Controlling and Maintaining SELinux


71


5.3.2. Dump or View Policy


While there is no formal way to dump the policy in memory, there are several tools which make it


easier to view and analyze policy. Here are three ways of viewing the policy.


The binary policy directory at


$SELINUX_POLICY/


contains information on Booleans and file


contexts. You can analyze the binary policy with the


setools


such as apol and


seinfo


, which are


discussed in Chapter 6 Tools for Manipulating and Analyzing SELinux.


You can read more about where the policy files are located starting in Section 2.2 Where is the


Policy?.


For a more thorough analysis, nothing equals the policy source, located in


$SELINUX_SRC/


and


discussed extensively in Chapter 2 SELinux Policy Overview and Chapter 3 Targeted Policy


Overview.


Standard command line text processing tools and the


setools


are two essential methods for view 


ing and understanding the policy source.


Currently, the best method for analyzing SELinux policy is to use the


setools


. One GUI tool


in particular is apol, which provides fairly complex analysis capabilities. This is discussed more


thoroughly in Section 6.3 Using apol for Policy Analysis.


5.3.3. Dump and View Logs


The SELinux implementation in Red Hat Enterprise Linux 4 routes AVC audit messages to


/var/log/messages


. You can seek just the audit messages using


grep


and searching for


avc


or


audit


.


As discussed in Section 6.2 Using seaudit for Audit Log Analysis,


seaudit


is a GUI tool for organiz 


ing and analyzing just policy messages. The tool


seaudit report


generates text or HTML reports


of audit messages.


5.3.4. Viewing AVC Statistics


The best way to view formatted statistics about the access vector cache is to use


avcstat


. This is


explained in Section 6.1 Information Gathering Tools.


5.4. Policy Writer Control of SELinux


Writing SELinux policy is not a trivial undertaking. The topic cannot easily be covered in a few,


simple how to steps. If you are interested in this topic, read Chapter 7 Compiling SELinux Policy and


Chapter 8 Customizing and Writing Policy. Those chapters contain information on writing, testing,


loading, and validating a policy.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved