
4.2. Which Log File is Used


In Red Hat Enterprise Linux, the dbus and audit packages are installed by default, unless they are removed from the default package selection. The setroubleshoot-server package must be installed using Yum (use the yum install setroubleshoot-server command).
If the auditd daemon is running, an SELinux denial message, such as the following, is written to /var/log/audit/audit.log by default:
type=AVC msg=audit(1223024155.684:49): avc:  denied  { getattr } for  pid=2000 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file
In addition, a message similar to the one below is written to the /var/log/messages file:
May 7 18:55:56 localhost setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l de7e30d6-5488-466d-a606-92c9f40d316d
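The two records above can be split into fields for triage. The following Python sketch is an added example, not part of the original Red Hat documentation; the function names (parse_avc, sealert_id, summarize) are hypothetical, and the sample lines are the two shown above.

```python
import re
from datetime import datetime, timezone

# Sample lines copied from the page above.
AVC_LINE = ('type=AVC msg=audit(1223024155.684:49): avc:  denied  { getattr } for  '
            'pid=2000 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 '
            'scontext=unconfined_u:system_r:httpd_t:s0 '
            'tcontext=system_u:object_r:samba_share_t:s0 tclass=file')
SYSLOG_LINE = ('May 7 18:55:56 localhost setroubleshoot: SELinux is preventing httpd '
               '(httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete '
               'SELinux messages. run sealert -l de7e30d6-5488-466d-a606-92c9f40d316d')

AVC_RE = re.compile(r'type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+'
                    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+'
                    r'(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SEALERT_RE = re.compile(r'setroubleshoot: .*sealert -l (?P<id>[0-9a-f-]{36})')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time'] = datetime.fromtimestamp(float(m.group('epoch')), tz=timezone.utc)
    # A context is user:role:type:level; the type field (index 2) is what
    # the policy rule is written against. The level may itself contain colons.
    for key, ctx in (('source_type', 'scontext'), ('target_type', 'tcontext')):
        parts = rec.get(ctx, '').split(':')
        rec[key] = parts[2] if len(parts) > 2 else None
    return rec

def sealert_id(line):
    """Return the alert ID from a setroubleshoot line in /var/log/messages."""
    m = SEALERT_RE.search(line)
    return m.group('id') if m else None

def summarize(rec):
    """One-line triage summary: who was denied what, on which object."""
    return '%s %s %s { %s } on %s %s (%s)' % (
        rec['comm'], rec['source_type'], rec['result'], ' '.join(rec['perms']),
        rec['tclass'], rec.get('path', '?'), rec['target_type'])

if __name__ == '__main__':
    print(summarize(parse_avc(AVC_LINE)))
    print('sealert -l', sealert_id(SYSLOG_LINE))
```

Field values that auditd writes hex-encoded (for example, a path containing spaces) are returned undecoded by this sketch.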
In Red Hat Enterprise Linux 7, setroubleshootd no longer constantly runs as a service. However, it is still used to analyze the AVC messages. Two new programs act as a method to start setroubleshoot when needed:
  • The sedispatch utility runs as a part of the audit subsystem. When an AVC denial message is returned, sedispatch sends a message using dbus. These messages go straight to setroubleshootd if it is already running. If it is not running, sedispatch starts it automatically.
  • The seapplet utility runs in the system toolbar, waiting for dbus messages in setroubleshootd. It launches the notification bubble, allowing the user to review AVC messages.

Procedure 4.1. Starting Daemons Automatically

  1. To configure the auditd and rsyslog daemons to automatically start at boot, enter the following commands as the root user:
    ~]# systemctl enable auditd.service
    ~]# systemctl enable rsyslog.service
  2. To ensure that the daemons are enabled, type the following commands at the shell prompt:
    ~]$ systemctl is-enabled auditd
    enabled
    ~]$ systemctl is-enabled rsyslog
    enabled
    Alternatively, use the systemctl status service-name.service command and search for the keyword enabled in the command output, for example:
    ~]$ systemctl status auditd.service | grep enabled
    auditd.service - Security Auditing Service
       Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled)
To learn more on how the systemd daemon manages system services, see the Managing System Services chapter in the System Administrator's Guide.