Customize SELinux Enforcing Mode Policies for Tenable Security Center

Security-Enhanced Linux (SELinux) enforcing mode policies require customization to interact with Tenable Security Center.

Tenable Support does not assist with customizing SELinux policies, but Tenable recommends monitoring your SELinux logs to identify errors and solutions for your policy configuration.

Before you begin:

  • Install the SELinux sealert tool in a test environment that resembles your production environment.

To monitor your SELinux logs to identify errors and solutions:

  1. Run the sealert tool, where /var/log/audit/audit.log is the location of your SELinux audit log:

    sealert -a /var/log/audit/audit.log

    The tool runs and generates a summary of error alerts and solutions. For example:

    SELinux is preventing /usr/sbin/sshd from write access on the sock_file /dev/log

    SELinux is preventing /usr/libexec/postfix/pickup from using the rlimitinh access on a process.

  2. Execute the recommended solution for each error alert.

  3. Restart Tenable Security Center, as described in Start, Stop, or Restart Tenable Security Center.

    Tenable Security Center restarts.

  4. Run the sealert tool again to confirm you resolved the error alerts.
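
Step 4 reruns sealert over the same audit log, which can still contain the denials recorded before your policy changes. The following added example (not part of Tenable's documentation) counts only the AVC denials logged at or after a cutoff time, such as the moment you restarted Tenable Security Center. The function names, the cutoff argument, and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Tenable code. Counts SELinux AVC denials logged at or after
# a cutoff time (epoch seconds), so records from before a policy change are skipped.
# Usage: denials_since EPOCH < /var/log/audit/audit.log
# Output per unique denial: COUNT COMM SOURCE_TYPE TARGET_TYPE CLASS PERMISSIONS
denials_since() {
    awk -v cutoff="$1" '
    # Value of key=value in the current record, with quotes stripped.
    function field(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    # A context is user:role:type:level; policy rules are written against the type.
    function setype(ctx,    p) { split(ctx, p, ":"); return p[3] }

    /^type=AVC / && / denied / {
        # Event time is the epoch in msg=audit(SECONDS.MILLIS:SERIAL).
        if (!match($0, /audit\([0-9]+/)) next
        if (substr($0, RSTART + 6, RLENGTH - 6) + 0 < cutoff + 0) next
        # Permissions sit between braces: { write } or { read open }.
        perms = "?"
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        key = field("comm") " " setype(field("scontext")) " " setype(field("tcontext"))
        seen[key " " field("tclass") " " perms]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k2
}

# Constructed sample records (not from a real host), modelled on the two alerts above.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000100.101:201): avc:  denied  { write } for  pid=1201 comm="sshd" name="log" dev="devtmpfs" ino=9001 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1700000100.101:201): arch=c000003e syscall=42 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1700000300.412:317): avc:  denied  { rlimitinh } for  pid=1302 comm="pickup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=process permissive=0
type=AVC msg=audit(1700000305.007:322): avc:  denied  { rlimitinh } for  pid=1310 comm="pickup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=process permissive=0
EOF
}
```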