[CentOS] Some basic SELinux questions
At my place we don't use SELinux because we have a gazillion tonnes of legacy software that just are not compatible with the default policies. No one wants to go to the effort of working out everything that needs changing.

We also use cfengine for central management. Which sometimes causes a problem when CFe modifies a file that I don't want modified on my machine.

So I want to be able to track when specific files were changed. My obvious thought was create an SELinux audit policy that can track file changes, raise a log message, and we can monitor the logs.

At this point I'm at a loss. Let's say I want to know when /local/app/my_app/etc/myfile.conf has been modified; how would I do this? Any ideas?

Failing that I guess I could use inotify, but I don't know how well this would scale to 100s of files.

Thanks!

--
rgds
Stephen

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Some basic SELinux questions
Stephen Harris wrote:
> At my place we don't use SELinux because we have a gazillion tonnes of legacy software that just are not compatible with the default policies. No one wants to go to the effort of working out everything that needs changing.
>
> We also use cfengine for central management. Which sometimes causes a problem when CFe modifies a file that I don't want modified on my machine.
>
> So I want to be able to track when specific files were changed. My obvious thought was create an SELinux audit policy that can track file changes, raise a log message, and we can monitor the logs.
>
> At this point I'm at a loss.
<snip>

Doesn't cfengine allow for logging changes on a per-system basis?

mark

Re: [CentOS] Some basic SELinux questions
On Fri, Apr 25, 2014 at 02:51:40PM -0400, m.r...@5-cent.us wrote:
> Stephen Harris wrote:
> > a problem when CFe modifies a file that I don't want modified on my machine.
>
> Doesn't cfengine allow for logging changes on a per-system basis?

I don't control the cfengine configuration, so I don't get to determine the logs, which is why I want to be alerted if it changes one of my files :-)

--
rgds
Stephen

Re: [CentOS] Some basic SELinux questions
On 4/25/2014 4:27 PM, Stephen Harris wrote:
> On Fri, Apr 25, 2014 at 02:51:40PM -0400, m.r...@5-cent.us wrote:
> > Stephen Harris wrote:
> > > a problem when CFe modifies a file that I don't want modified on my machine.
> >
> > Doesn't cfengine allow for logging changes on a per-system basis?
>
> I don't control the cfengine configuration, so I don't get to determine the logs, which is why I want to be alerted if it changes one of my files :-)

Aide would seem to be what you are looking for. It tracks hashes, timestamps, permissions, etc of the files on your system and notifies you when something changes.

--
Bowie

Re: [CentOS] Some basic SELinux questions
how about using audits ?

2014-04-25 23:32 GMT+03:00 Bowie Bailey <bowie_bai...@buc.com>:
> On 4/25/2014 4:27 PM, Stephen Harris wrote:
> > On Fri, Apr 25, 2014 at 02:51:40PM -0400, m.r...@5-cent.us wrote:
> > > Stephen Harris wrote:
> > > > a problem when CFe modifies a file that I don't want modified on my machine.
> > >
> > > Doesn't cfengine allow for logging changes on a per-system basis?
> >
> > I don't control the cfengine configuration, so I don't get to determine the logs, which is why I want to be alerted if it changes one of my files :-)
>
> Aide would seem to be what you are looking for. It tracks hashes, timestamps, permissions, etc of the files on your system and notifies you when something changes.
>
> --
> Bowie

Re: [CentOS] Some basic SELinux questions
how about using auditd or ossec ?

--
Eero

2014-04-25 23:32 GMT+03:00 Bowie Bailey <bowie_bai...@buc.com>:
> On 4/25/2014 4:27 PM, Stephen Harris wrote:
> > On Fri, Apr 25, 2014 at 02:51:40PM -0400, m.r...@5-cent.us wrote:
> > > Stephen Harris wrote:
> > > > a problem when CFe modifies a file that I don't want modified on my machine.
> > >
> > > Doesn't cfengine allow for logging changes on a per-system basis?
> >
> > I don't control the cfengine configuration, so I don't get to determine the logs, which is why I want to be alerted if it changes one of my files :-)
>
> Aide would seem to be what you are looking for. It tracks hashes, timestamps, permissions, etc of the files on your system and notifies you when something changes.
>
> --
> Bowie

Re: [CentOS] Some basic SELinux questions
Sorry, I got trigger happy with the delete key... so this message is a little out of order...

Eero Volotinen wrote:
> how about using auditd or ossec ?

And it looks like auditd may be exactly what I need. Thanks!

--
rgds
Stephen
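
Added example (not part of the thread or any poster's code): the auditd approach suggested above, applied to the file named in the original question. `make_watch_rules` turns a list of paths into watch rules in audit.rules syntax, and `report_changes` correlates raw audit.log records to show which executable touched a watched file; the key name, the cf-agent path and the log records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. KEY and the log records are constructed.
KEY="my-conf-change"

# stdin: one absolute path per line -> auditd watch rules on stdout.
# -p wa logs writes and attribute changes; -k tags events for ausearch -k.
make_watch_rules() {
    while IFS= read -r path; do
        case "$path" in
            *" "*) ;;                       # rule lines are split on spaces
            /*) printf '%s\n' "-w $path -p wa -k $KEY" ;;
        esac                                # blanks, comments, relative paths: skipped
    done
}

# stdin: raw audit.log lines -> "event-id exe path" for events tagged with KEY.
# SYSCALL and PATH records of one event share the id in msg=audit(time:serial).
report_changes() {
    awk -v key="$KEY" '
    function field(name,   re) {
        re = " " name "=\"[^\"]*\""
        if (!match($0, re)) return ""
        return substr($0, RSTART + length(name) + 3, RLENGTH - length(name) - 4)
    }
    {
        if (!match($0, /msg=audit\([0-9.]+:[0-9]+\)/)) next
        id = substr($0, RSTART + 10, RLENGTH - 11)
    }
    /^type=SYSCALL / && index($0, " key=\"" key "\"") { exe[id] = field("exe") }
    /^type=PATH / && !(id in path) { order[++n] = id; path[id] = field("name") }
    END {
        for (i = 1; i <= n; i++)
            if (order[i] in exe) print order[i], exe[order[i]], path[order[i]]
    }'
}

# Constructed sample: cf-agent writes the watched file; one unrelated keyed event.
sample_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1398457800.123:4567): arch=c000003e syscall=2 success=yes exit=3 pid=1234 uid=0 comm="cf-agent" exe="/var/cfengine/bin/cf-agent" key="my-conf-change"
type=PATH msg=audit(1398457800.123:4567): item=0 name="/local/app/my_app/etc/myfile.conf" inode=131 dev=fd:00 mode=0100644
type=SYSCALL msg=audit(1398457900.456:4570): arch=c000003e syscall=2 success=yes exit=3 pid=2222 uid=0 comm="vi" exe="/bin/vi" key="other-rule"
type=PATH msg=audit(1398457900.456:4570): item=0 name="/etc/hosts" inode=77 dev=fd:00 mode=0100644
EOF
}

printf '/local/app/my_app/etc/myfile.conf\n' | make_watch_rules
sample_log | report_changes
```

On a live system the same rule can be loaded with `auditctl -w <path> -p wa -k <key>` and the events read back with `ausearch -k <key> -i`.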