How to receive email alerts on SELinux denials on RHEL and CentOS

First of all, install a few packages to get started:

yum install setroubleshoot{-server,-plugins,-doc}

Assuming the system is already configured to use an SMTP relay, run:

echo "<your-email-address>       filter_type=never" > /var/lib/setroubleshoot/email_alert_recipients
service auditd restart ; service messagebus restart

The filter_type option can be customized as needed. The valid options are:

  1. after_first. This option lets the system send you the first denial notification and then silences further ones.
  2. never. This option never filters out notifications.
  3. always. This option always silences notifications.
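
A quick lint for the recipients file, added here as an example (it is not from the original post or the setroubleshoot project). It catches curly quotes pasted from a web page and misspelled filter_type values; the function name lint_recipients is hypothetical, and the line layout (address, whitespace, filter_type=<value>) is assumed from the command above.

```shell
#!/bin/sh
# Added example (not part of setroubleshoot): lint an email_alert_recipients file.
# Assumed layout, as in the post: "<address> <whitespace> filter_type=<value>".
# Prints one message per problem; returns 0 if clean, 1 on problems, 2 if unreadable.
lint_recipients() {
    file=$1
    rc=0
    n=0
    [ -r "$file" ] || { echo "$file: not readable"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Curly quotes pasted from a web page show up as non-ASCII bytes.
        if printf '%s\n' "$line" | tr '\t' ' ' | LC_ALL=C grep -q '[^ -~]'; then
            echo "$file:$n: non-ASCII or control character"
            rc=1
            continue
        fi
        set -f                      # no globbing while the line is split into fields
        set -- $line
        set +f
        [ $# -gt 0 ] || continue    # whitespace-only line
        case $1 in
            *\"*|*\'*|*\<*|*\>*)
                echo "$file:$n: quote or placeholder left in address: $1"
                rc=1 ;;
        esac
        shift
        for opt in "$@"; do
            case $opt in
                filter_type=after_first|filter_type=never|filter_type=always) ;;
                filter_type=*) echo "$file:$n: unknown $opt"; rc=1 ;;
            esac
        done
    done < "$file"
    return "$rc"
}

# Usage: sh lint_recipients.sh /var/lib/setroubleshoot/email_alert_recipients
if [ $# -gt 0 ]; then
    lint_recipients "$1"
fi
```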

If you need to set a different email server, open /etc/setroubleshoot/setroubleshoot.conf in your favorite text editor and adjust the [email] section to fit your server:

recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients
smtp_port = 25
smtp_host = localhost
from_address =
subject = [MyServer] SELinux AVC Alert

Hope this saves you from some trouble searching.

