How to receive email alerts on SELinux denials on RHEL and CentOS

First of all, install a few packages to get started:

yum install setroubleshoot{-server,-plugins,-doc}

Assuming that the system has been configured to use an SMTP relay, run:

echo "<your-email-address>       filter_type=never" > /var/lib/setroubleshoot/email_alert_recipients
service auditd restart ; service messagebus restart

The filter_type option can be customized as needed. The valid options are:

  1. after_first. This option will allow the system to send you the first denial notification and then silence the following ones.
  2. never. This option will never filter out notifications.
  3. always. This option will always silence notifications.

If you need to set a different email server, open /etc/setroubleshoot/setroubleshoot.conf in your favorite text editor and adjust the [email] section to fit your server:

recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients
smtp_port = 25
smtp_host = localhost
from_address = selinux@myserver.com
subject = [MyServer] SELinux AVC Alert
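
A quick lint for the recipients file written in the step above, as an added example that is not part of the original post or of setroubleshoot itself. It assumes every entry has the form the post uses (an address followed by filter_type=<value>); the function name and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: lint a setroubleshoot recipients file read from stdin.
# Assumption: each entry is "<address> filter_type=<value>", as in the post.
# Prints one message per problem; returns 0 if clean, 1 otherwise.
check_recipients() {
    bad=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f              # no globbing while splitting the line into fields
        set -- $line
        set +f
        # Skip blank lines and comments.
        if [ $# -eq 0 ]; then continue; fi
        case $1 in '#'*) continue ;; esac
        addr=$1
        opt=${2:-}
        # Address: plain ASCII mail characters with text on both sides of "@".
        case $addr in
            *[!A-Za-z0-9@._+-]*) echo "line $n: unexpected character in address"; bad=1 ;;
            ?*@?*) ;;
            *) echo "line $n: address has no user@host form"; bad=1 ;;
        esac
        # Option: one of the three filter_type values, spelled exactly.
        case $opt in
            filter_type=never|filter_type=always|filter_type=after_first) ;;
            *) echo "line $n: invalid option '$opt'"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: a good entry, a misspelled filter value, and curly
# quotes that ended up in the file because a command was pasted from a web page.
check_recipients <<'EOF' || echo "sample file has problems"
# recipients
admin@example.com    filter_type=after_first
ops@example.com      filter_type=alway
“sec@example.com     filter_type=never”
EOF
```

To check the real file, run check_recipients < /var/lib/setroubleshoot/email_alert_recipients before restarting the services.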

Hope this saves you from some trouble searching.