Edit file File name : setroubleshoot.conf Content :[access] # client_users: Comma-separated list of users allowed to run the client and # connect to the local fault server and therefore see security denials. Also # accepts '*' to allow all users to connect. client_users = * # fix_cmd_users: Comma-separated list of users allowed to run the fix # commands with root privileges. Members of this list can execute the fix # commands specified in any alert. The command is executed with root # privileges so you should be very caeful who you add to this list as you are # granting them significant power to alter the security settings of this # system. The wildcard '*' is NOT allowed. fix_cmd_users = root [audit] # binary_protocol_socket_path: unix domain socket used to listen for audit # messages (binary audit protocol) binary_protocol_socket_path = /var/run/audit_events # text_protocol_socket_path: unix domain socket used to listen for audit # messages (textural audit protocol) text_protocol_socket_path = /var/run/audispd_events # retry_interval: number of seconds to wait before trying to connect to audit # socket again in the event of socket failure retry_interval = 60 [client_connect_to] # path: No Description Available path = /var/run/setroubleshoot/setroubleshoot_server # address_list: List of socket addresses server should listen on for client # connections. Addresses should not contain any whitespace. Each address is of # the form "[{family}]address[:port]" where [] indicates the value is # optional. Valid values for family are inet or unix, if the family is absent # it defaults to inet. If the family is unix the address is interpreted as a # file path. If the family is inet the address is interpreted as either a host # name or IP address. As a special case if the inet address is "hostname" the # current hostname will be substituted. If the family is inet the address may # optionally be followed by a colon (:) and a port number. If the port number # is absent in the address it defaults to the port specified in this config # section. Example, to listen on the local unix domain socket and provide # remote connections use this "{unix}%(path)s, hostname" address_list = {unix}%(path)s hostname [connection] # default_port: No Description Available default_port = 69783 [database] # database_dir: No Description Available database_dir = /var/lib/setroubleshoot # filename: No Description Available filename = setroubleshoot # max_alerts: Keep no more than this many alerts in the database. Oldest # alerts based on the alert's last seen date will be purged first. Zero # implies no limit max_alerts = 50 # max_alert_age: Purge any alerts whose age based on its last seen date # exceeds this threshold. Age may be specified as a sequence of integer unit # pairs. Units may be one of year,month,week,day,hour,minute,second and may # optionally be plural. Example: '2 weeks 1 day' sets the threshold at 15 # days. An empty string implies no limit max_alert_age = [email] # smtp_host: The SMTP server address smtp_host = localhost # smtp_port: The SMTP server port smtp_port = 25 # from_address: The From: email header from_address = SELinux_Troubleshoot # subject: The Subject: email header subject = SELinux AVC Alert # recipients_filepath: Path name of file with email recipients. One address # per line, optionally followed by enable flag. Comment character is #. recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients [general] # pid_file: No Description Available pid_file = /var/run/setroubleshootd.pid # project_url: URL of project website project_url = https://pagure.io/setroubleshoot [help] # help_url: URL to user help information help_url = https://pagure.io/docs/setroubleshoot/ # bug_report_url: URL used to report bugs bug_report_url = http://bugzilla.redhat.com/bugzilla/enter_bug.cgi [helper_apps] # web_browser_launcher: Helper application to launch web browser on a URL web_browser_launcher = /usr/bin/xdg-open [listen_for_client] # path: No Description Available path = /var/run/setroubleshoot/setroubleshoot_server # address_list: List of socket addresses server should listen on for client # connections. Addresses should not contain any whitespace. Each address is of # the form "[{family}]address[:port]" where [] indicates the value is # optional. Valid values for family are inet or unix, if the family is absent # it defaults to inet. If the family is unix the address is interpreted as a # file path. If the family is inet the address is interpreted as either a host # name or IP address. As a special case if the inet address is "hostname" the # current hostname will be substituted. If the family is inet the address may # optionally be followed by a colon (:) and a port number. If the port number # is absent in the address it defaults to the port specified in this config # section. Example, to listen on the local unix domain socket and provide # remote connections use this "{unix}%(path)s, hostname" address_list = {unix}%(path)s [plugins] # plugin_dir: No Description Available plugin_dir = /usr/share/setroubleshoot/plugins [sealert_log] # level: sealert logging level. Levels are the same as in the python logging # module, but are case insenstive. The defined levels in severity order are: # [CRITICAL, ERROR, WARNING, INFO, DEBUG] level = warning [setroubleshootd_log] # level: setroubleshootd logging level. Levels are the same as in the python # logging module, but are case insenstive. The defined levels in severity # order are:[CRITICAL, ERROR, WARNING, INFO, DEBUG] level = warning # log_full_report: True|False, log full report analysis to journal log_full_report = True Save