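[access]
# client_users: Comma-separated list of users allowed to run the client and
# connect to the local fault server and therefore see security denials. Also
# accepts '*' to allow all users to connect.
# NOTE(review): '*' lets every local user see security denials. On a
# multi-user host, consider listing the intended users explicitly.
client_users = *

# fix_cmd_users: Comma-separated list of users allowed to run the fix
# commands with root privileges. Members of this list can execute the fix
# commands specified in any alert. The command is executed with root
# privileges, so you should be very careful who you add to this list, as you
# are granting them significant power to alter the security settings of this
# system. The wildcard '*' is NOT allowed.
fix_cmd_users = root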
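[audit]
# binary_protocol_socket_path: unix domain socket used to listen for audit
# messages (binary audit protocol)
binary_protocol_socket_path = /var/run/audit_events

# text_protocol_socket_path: unix domain socket used to listen for audit
# messages (textual audit protocol)
text_protocol_socket_path = /var/run/audispd_events

# retry_interval: number of seconds to wait before trying to connect to the
# audit socket again in the event of socket failure
retry_interval = 60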
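[client_connect_to]
# path: No description available upstream. The value is substituted into
# address_list below through %(path)s, where it follows the {unix} family
# marker, so it is used as a unix domain socket file path. It has the same
# value as path in [listen_for_client].
path = /var/run/setroubleshoot/setroubleshoot_server

# address_list: List of socket addresses server should listen on for client
# connections. Addresses should not contain any whitespace. Each address is of
# the form "[{family}]address[:port]" where [] indicates the value is
# optional. Valid values for family are inet or unix; if the family is absent
# it defaults to inet. If the family is unix the address is interpreted as a
# file path. If the family is inet the address is interpreted as either a host
# name or IP address. As a special case if the inet address is "hostname" the
# current hostname will be substituted. If the family is inet the address may
# optionally be followed by a colon (:) and a port number. If the port number
# is absent in the address it defaults to the port specified in this config
# section. Example, to listen on the local unix domain socket and provide
# remote connections use this "{unix}%(path)s, hostname"
# NOTE(review): this description is word-for-word the one in
# [listen_for_client]; in this section the list presumably names the addresses
# the client connects to -- confirm.
# NOTE(review): the value below separates its two entries with a space, while
# the example above uses a comma. The second entry, hostname, has no family
# and therefore defaults to inet; no port key exists in this section, so the
# port presumably comes from default_port in [connection] -- confirm that the
# inet entry is intended.
address_list = {unix}%(path)s hostname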
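[connection]
# default_port: No description available upstream. Presumably the port used
# for inet entries in address_list that do not name a port -- TODO confirm.
# NOTE(review): 69783 is above 65535, the highest valid TCP/UDP port number,
# so an inet address that relies on this default cannot be bound or connected
# to as written. Confirm the intended value before enabling any inet address.
default_port = 69783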
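[database]
# database_dir: No description available upstream. Presumably the directory
# that holds the alert database -- TODO confirm.
database_dir = /var/lib/setroubleshoot

# filename: No description available upstream. Presumably the name of the
# database file inside database_dir -- TODO confirm.
filename = setroubleshoot

# max_alerts: Keep no more than this many alerts in the database. Oldest
# alerts based on the alert's last seen date will be purged first. Zero
# implies no limit.
max_alerts = 50

# max_alert_age: Purge any alert whose age, based on its last seen date,
# exceeds this threshold. Age may be specified as a sequence of integer unit
# pairs. Units may be one of year,month,week,day,hour,minute,second and may
# optionally be plural. Example: '2 weeks 1 day' sets the threshold at 15
# days. An empty string implies no limit.
max_alert_age =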
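[email]
# smtp_host: The SMTP server address
# NOTE(review): no key in this file enables TLS or authentication for SMTP.
# If smtp_host is changed from localhost to a remote server, check how the
# alert mail is protected in transit.
smtp_host = localhost

# smtp_port: The SMTP server port
smtp_port = 25

# from_address: The From: email header
from_address = SELinux_Troubleshoot

# subject: The Subject: email header
subject = SELinux AVC Alert

# recipients_filepath: Path name of file with email recipients. One address
# per line, optionally followed by enable flag. Comment character is #.
recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients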
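[general]
# pid_file: No description available upstream. Presumably the file in which
# the setroubleshootd daemon records its process id -- TODO confirm.
pid_file = /var/run/setroubleshootd.pid

# project_url: URL of project website
project_url = https://pagure.io/setroubleshoot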
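[help]
# help_url: URL to user help information
help_url = https://pagure.io/docs/setroubleshoot/

# bug_report_url: URL used to report bugs
# NOTE(review): this is the only URL in the file that uses plain http; the
# others use https. Prefer an https URL here if the site serves one.
bug_report_url = http://bugzilla.redhat.com/bugzilla/enter_bug.cgi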
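[helper_apps]
# web_browser_launcher: Helper application used to open a URL in a web browser
web_browser_launcher = /usr/bin/xdg-open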
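[listen_for_client]
# path: No description available upstream. The value is substituted into
# address_list below through %(path)s, where it follows the {unix} family
# marker, so it is used as a unix domain socket file path.
path = /var/run/setroubleshoot/setroubleshoot_server

# address_list: List of socket addresses server should listen on for client
# connections. Addresses should not contain any whitespace. Each address is of
# the form "[{family}]address[:port]" where [] indicates the value is
# optional. Valid values for family are inet or unix; if the family is absent
# it defaults to inet. If the family is unix the address is interpreted as a
# file path. If the family is inet the address is interpreted as either a host
# name or IP address. As a special case if the inet address is "hostname" the
# current hostname will be substituted. If the family is inet the address may
# optionally be followed by a colon (:) and a port number. If the port number
# is absent in the address it defaults to the port specified in this config
# section. Example, to listen on the local unix domain socket and provide
# remote connections use this "{unix}%(path)s, hostname"
# The value below lists only the unix domain socket, so no inet listener is
# configured here. Adding an inet address, as in the example, opens the server
# to remote connections; review [access] and network filtering before doing
# so.
# NOTE(review): no port key exists in this section; the default port is
# presumably default_port in [connection] -- confirm.
address_list = {unix}%(path)s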
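[plugins]
# plugin_dir: No description available upstream. Presumably the directory
# from which plugins are loaded -- TODO confirm.
# NOTE(review): if plugins are code executed by the daemon, this directory
# should be writable by root only -- verify ownership and mode.
plugin_dir = /usr/share/setroubleshoot/plugins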
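[sealert_log]
# level: sealert logging level. Levels are the same as in the python logging
# module, but are case insensitive. The defined levels in severity order are:
# [CRITICAL, ERROR, WARNING, INFO, DEBUG]
level = warning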
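[setroubleshootd_log]
# level: setroubleshootd logging level. Levels are the same as in the python
# logging module, but are case insensitive. The defined levels in severity
# order are: [CRITICAL, ERROR, WARNING, INFO, DEBUG]
level = warning

# log_full_report: True|False, log full report analysis to journal
log_full_report = True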