How to receive email alerts on SELinux denials on RHEL and CentOS

First of all, install a few packages to get started:

yum install setroubleshoot{-server,-plugins,-doc}

Assuming that the system has been configured to use an SMTP relay, run:

echo "<your-email-address>       filter_type=never" > /var/lib/setroubleshoot/email_alert_recipients
service auditd restart ; service messagebus restart

The filter_type option can be customized as needed. The valid options are:

  1. after_first. This option lets the system send you the first denial notification and then silences the rest.
  2. never. This option never filters out notifications.
  3. always. This option always silences notifications.
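
A misspelled filter_type or a stray character in the recipients file fails quietly: no mail arrives and nothing tells you why. The check below is an added example, not part of setroubleshoot or of the original post. check_recipients is a hypothetical helper name, it assumes entries in the "<address> filter_type=<value>" form shown above, and skipping blank lines and # comment lines is an assumption of this checker.

```shell
#!/bin/sh
# Added example: lint a setroubleshoot email_alert_recipients file.
# Assumption: one entry per line, "<address> filter_type=<value>".
# Assumption: blank lines and lines starting with '#' can be skipped.

check_recipients() {
    file=$1                                   # path to the recipients file
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; errors++ }
        /^[ \t]*(#|$)/ { next }               # skip blank and comment lines
        {
            n++
            if (NF != 2) { bad("expected <address> filter_type=<value>"); next }
            if ($1 !~ /^[^@]+@[^@]+$/)
                bad("address is not in user@host form")
            if ($2 !~ /^filter_type=(after_first|never|always)$/)
                bad("unknown option " $2)
            else if ($2 == "filter_type=always")
                silenced++                    # this recipient gets no mail
        }
        END {
            if (n == 0) { print "no recipients defined"; errors++ }
            else if (silenced == n) {
                print "every recipient uses filter_type=always; no alert will be sent"
                errors++
            }
            exit (errors > 0)                 # 0 = file is usable, 1 = problems
        }
    ' "$file"
}

# Constructed sample: one valid entry and one with a misspelled option.
sample=$(mktemp)
printf '%s\n' 'admin@example.com    filter_type=never' \
              'oncall@example.com   filter_type=alway' > "$sample"
check_recipients "$sample" || echo "recipients file needs fixing"
rm -f "$sample"
```

On a real system, point it at /var/lib/setroubleshoot/email_alert_recipients after editing the file and before restarting the services.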

If you need to set a different email server, open /etc/setroubleshoot/setroubleshoot.conf in your favorite text editor and adjust the [email] section to fit your server:

recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients
smtp_port = 25
smtp_host = localhost
from_address = selinux@myserver.com
subject = [MyServer] SELinux AVC Alert

Hope this saves you from some trouble searching.
