Two issues: first, I've noticed a number of times that selinux is there, which we usually have in permissive, but setroubleshoot is *not* installed. Is there be some kind of dependency or group that it should be part of that's missing? I don't see why I need to manually install it.... Second - and I thought I knew the answer to this, but guess I don't - I see AVC's in the log file, but no sealerts - how do I start it up to give me them in messages? I see auditd is running.... mark
, but setroubleshoot is *not*> installed. Is there be some kind of dependency or group that it should be > part of that's missing? I don't see why I need to manually install it.... >On EL5 (don't have a EL6 box to hand to check) it is the setroubleshoot-server package you need. Use yum provides "*/setroubleshootd" to verify.> Second - and I thought I knew the answer to this, but guess I don't - I > see AVC's in the log file, but no sealerts - how do I start it up to give > me them in messages? I see auditd is running.... >Well auditd writes to /var/log/audit/audit.log ... The sealerts in /var/log/messages you are thinking of get generated/etc by setroubleshootd.