Linux-UNIX: Configure S-TAP for SELinux

Learn to configure S-TAP for Red Hat Security Enhanced Linux (SELinux).

About this task

Installing a Guardium® S-TAP on a host where SELinux is enforcing requires a few extra installation steps, because the default policy does not allow the Guardium processes (guard_stap, guard_discovery, guard_ktap_load) to perform every operation they need.
Note: Make sure that your S-TAP version matches the version of the Guardium appliance.

Procedure

  1. Install the S-TAP, using one of the methods described in Linux-UNIX: Install S-TAP agents installation flow.
  2. After you install the S-TAP, log in as root to the server on which the S-TAP is installed and run the following commands.

    Switch SELinux to permissive mode with setenforce 0. In permissive mode, operations that the policy would deny are recorded as AVC denials in /var/log/audit/audit.log but are not blocked. Then confirm that the S-TAP process is running with its guard_tap.ini configuration file:

    [root@mycompany guard_stap]# setenforce 0
    [root@mycompany guard_stap]# ps -ef|grep stap
    root        9955       1  0 10:32 ?        00:00:00 /guardium/guardium/guard_stap/guard_stap /guardium/guardium/guard_stap/guard_tap.ini
    root       10038    1889  0 10:32 pts/0    00:00:00 grep --color=auto stap
    
  3. Run the following commands to generate SELinux policy modules from the logged denials and load them. sealert -a prints a readable summary of the denials; ausearch -c selects the denials for one process name, audit2allow -M turns them into a module package (a .te source file and a .pp binary) and semodule -i loads it. audit2allow allows exactly what was denied, so review each generated .te file before you load it, and make sure that the S-TAP has performed all of its normal operations (including loading K-TAP) while SELinux is permissive, so that every required denial is captured:
    [root@mycompany guard_stap]# sealert -a /var/log/audit/audit.log
    [root@mycompany guard_stap]# ausearch -c 'guard_discovery' --raw | audit2allow -M my-guarddiscovery
    [root@mycompany guard_stap]# semodule -i my-guarddiscovery.pp
    
    [root@mycompany guard_stap]# ausearch -c 'guard_stap' --raw | audit2allow -M my-guardstap
    [root@mycompany guard_stap]# semodule -i my-guardstap.pp
    
    [root@mycompany guard_stap]# ausearch -c 'guard_ktap_load' --raw | audit2allow -M my-guardktapload
    [root@mycompany guard_stap]# semodule -i my-guardktapload.pp
  4. Switch SELinux back to enforcing mode:
    [root@mycompany guard_stap]# setenforce 1
  5. Restart the S-TAP and confirm that no new AVC denials for the Guardium processes appear in /var/log/audit/audit.log, for example with ausearch -m avc -c guard_stap -ts recent. If denials appear, repeat steps 2 through 4.
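The following script is an added example, not code from the IBM Guardium page or the Guardium product: it triages the AVC denials recorded while SELinux was permissive, grouped by the process that triggered them, and prints the audit2allow/semodule commands from step 3 for each process instead of running them, so that the generated .te files can be reviewed before anything is loaded. The audit records embedded in the script are constructed for the example (contexts, inodes and permissions are illustrative); on a real host pass /var/log/audit/audit.log as the first argument and run it as root. The script name avc_triage.sh is an assumption.

```shell
#!/bin/sh
# Added example (not from the IBM page): summarise SELinux AVC denials per
# Guardium process and print the audit2allow/semodule commands to review.
# Usage: sh avc_triage.sh [/var/log/audit/audit.log]   (no argument = demo)

# Constructed sample audit.log records for the demo. The record layout follows
# the kernel AVC format; the contexts, names and ports are assumptions.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1700000000.101:201): avc:  denied  { read open } for  pid=9955 comm="guard_stap" name="guard_tap.ini" scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.102:202): avc:  denied  { write } for  pid=9955 comm="guard_stap" name="guard_stap.log" tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.102:202): arch=c000003e syscall=1 success=yes exit=42 comm="guard_stap"
type=AVC msg=audit(1700000000.103:203): avc:  denied  { module_load } for  pid=9960 comm="guard_ktap_load" name="ktap.ko" tclass=system permissive=1
type=AVC msg=audit(1700000000.104:204): avc:  denied  { name_connect } for  pid=9970 comm="guard_discovery" dest=5432 tclass=tcp_socket permissive=1'

# Print one line per AVC denial in the given audit log: "<comm> <tclass> <perms>".
# SYSCALL and other non-AVC records that mention the same comm are ignored.
avc_denials() {
  awk '/^type=AVC / && / denied / {
      comm = ""; cls = ""; perm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)   { comm = $i; sub(/^comm="/, "", comm); sub(/"$/, "", comm) }
        if ($i ~ /^tclass=/) { cls = $i;  sub(/^tclass=/, "", cls) }
      }
      # the denied permissions sit between the braces: { read open }
      if (match($0, /[{][^}]*[}]/)) {
        perm = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perm)
      }
      print comm, cls, perm
  }' "$1"
}

# Distinct process names (comm=) that hit at least one denial, sorted.
denied_comms() {
  avc_denials "$1" | awk '{ print $1 }' | sort -u
}

# Number of denials attributed to one process name (0 if none).
denial_count() {
  avc_denials "$1" | awk -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Emit the step 3 commands for every denied process, using the page's module
# naming convention (guard_stap -> my-guardstap, guard_ktap_load -> my-guardktapload).
# Commands are printed, not executed, so the .te output can be reviewed first.
module_commands() {
  denied_comms "$1" | while IFS= read -r comm; do
    mod="my-$(printf '%s' "$comm" | tr -d '_')"
    printf "ausearch -c '%s' --raw | audit2allow -M %s\n" "$comm" "$mod"
    printf 'cat %s.te   # review the allow rules before loading them\n' "$mod"
    printf 'semodule -i %s.pp\n' "$mod"
  done
}

# Stand-alone run: use the audit log given as $1, or the constructed sample.
LOG=${1:-}
if [ -z "$LOG" ]; then
  LOG=$(mktemp)
  printf '%s\n' "$SAMPLE_AUDIT_LOG" > "$LOG"
  trap 'rm -f "$LOG"' EXIT
fi
echo "== AVC denials by process (captured while SELinux was permissive) =="
denied_comms "$LOG" | while IFS= read -r c; do
  printf '%-18s %s denial(s)\n' "$c" "$(denial_count "$LOG" "$c")"
done
echo "== commands to generate, review and load the policy modules =="
module_commands "$LOG"
```

A process that is missing from the summary either needs no extra policy or did not run during the permissive window; in the second case, exercise it (for example restart the S-TAP so that guard_ktap_load runs) before generating the modules, otherwise its denials will only surface after setenforce 1.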