Monthly Archives: April 2014

How to receive email alerts on SELinux denials on RHEL and CentOS

First of all, install a few packages to get started:

yum install setroubleshoot{-server,-plugins,-doc}

Assuming that the system has been configured to use an SMTP relay, run:

echo "<your-email-address>       filter_type=never" > /var/lib/setroubleshoot/email_alert_recipients
service auditd restart ; service messagebus restart

The filter_type option can be customized as needed. The valid values are:

  1. after_first. The system sends you the first denial notification and then silences the following ones.
  2. never. Notifications are never filtered out.
  3. always. Notifications are always silenced.
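
A lint for the recipients file written above, as an added example that is not part of the original post or of setroubleshoot. It rejects any filter_type other than after_first, never or always, and flags non-ASCII bytes such as typographic quotes pasted from a web page. The function name check_recipients, the skipping of blank and "#" lines, and the requirement of an explicit filter_type are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of setroubleshoot): lint an email_alert_recipients file.
# Assumed line format, taken from the post: "<address> filter_type=<value>".
# Skipping blank lines and "#" comments, and requiring an explicit filter_type,
# are choices made by this lint.
# Usage: check_recipients /var/lib/setroubleshoot/email_alert_recipients

check_recipients() {
    file=$1
    bad=0
    n=0
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
        esac
        # Bytes outside printable ASCII usually mean typographic quotes or
        # other debris pasted from a web page; they would end up inside the
        # address or option text.
        leftover=$(printf '%s' "$line" | LC_ALL=C tr -d ' -~\t')
        if [ -n "$leftover" ]; then
            echo "$file:$n: non-ASCII bytes (pasted smart quotes?)" >&2
            bad=1
            continue
        fi
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        if [ $# -ne 2 ]; then
            echo "$file:$n: expected 2 fields, found $#" >&2
            bad=1
            continue
        fi
        case $1 in
            ?*@?*.?*) ;;
            *) echo "$file:$n: '$1' does not look like an address" >&2; bad=1 ;;
        esac
        case $2 in
            filter_type=after_first|filter_type=never|filter_type=always) ;;
            *) echo "$file:$n: bad option '$2'" >&2; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}
```

The function returns 0 when every entry is well formed, 1 when any line is flagged, and 2 when the file cannot be read.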

If you need to set a different email server, open /etc/setroubleshoot/setroubleshoot.conf in your favorite text editor and adjust the [email] section to fit your server:

recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients
smtp_port = 25
smtp_host = localhost
from_address = selinux@myserver.com
subject = [MyServer] SELinux AVC Alert

Hope this saves you from some trouble searching.


How to set up remote syslog on VMware ESXi 5.x

To enable remote syslog on VMware ESXi 5.x you need to do it from the CLI, using an SSH terminal.

First open an SSH connection to the ESXi server and check your current configuration:

~ # esxcli system syslog config get
Default Network Retry Timeout: 180
Local Log Output: /scratch/log
Local Logging Default Rotation Size: 1024
Local Logging Default Rotations: 8
Log To Unique Subdirectory: false
Remote Host: <none>

As you can see, the Remote Host setting is not set yet, so we need to specify it:

 ~ # esxcli system syslog config set --loghost='tcp://<your-syslog-server-ip-here>:514'

OR

 ~ # esxcli system syslog config set --loghost='udp://<your-syslog-server-ip-here>:514'

Now let's look at the settings again:

# esxcli system syslog config get
Default Network Retry Timeout: 180
Local Log Output: /scratch/log
Local Logging Default Rotation Size: 1024
Local Logging Default Rotations: 8
Log To Unique Subdirectory: false
Remote Host: udp://<your-syslog-server-ip-here>

Then reload the syslog configuration for the changes to take effect:

esxcli system syslog reload

Happy syslogging 😉

 
