On 10/21/2009 10:32 AM, Marco Shaw wrote:
Is there anything online detailing SELinux's accounting and
auditing features?
Example:
How/if it does system and process accounting
How/if it does system and process auditing
How/if it exactly logs (through syslogd?)
SELinux is a MAC (Mandatory Access Control) system. It does not do
accounting and auditing. However the features in the audit system are
probably what you want. For information on audit start here:
http://people.redhat.com/sgrubb/audit/index.html
SELinux denials do get recorded in the audit log (/var/log/audit/audit.log)
--
John Dennis <jdennis(a)redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/