Learn to configure S-TAP for Red Hat Security Enhanced Linux (SELinux).
About this task
Installing a Guardium® S-TAP with SELinux requires a few extra installation steps.
Note: Make sure that your S-TAP version matches the version of the Guardium appliance.
Procedure
- Install the S-TAP, using one of the methods described in Linux-UNIX: Install S-TAP agents installation flow.
- After you install the S-TAP, log in to the Guardium server as root and run the following commands. Set SELinux enforcement to 0 (permissive mode) and open the guard_tap.ini file:
[root@mycompany guard_stap]# setenforce 0
[root@mycompany guard_stap]# ps -ef|grep stap
root 9955 1 0 10:32 ? 00:00:00 /guardium/guardium/guard_stap/guard_stap /guardium/guardium/guard_stap/guard_tap.ini
root 10038 1889 0 10:32 pts/0 00:00:00 grep --color=auto stap
- Run the following commands to enable the required Guardium policies:
[root@mycompany guard_stap]# sealert -a /var/log/audit/audit.log
[root@mycompany guard_stap]# ausearch -c 'guard_discovery' --raw | audit2allow -M my-guarddiscovery
[root@mycompany guard_stap]# semodule -i my-guarddiscovery.pp
[root@mycompany guard_stap]# ausearch -c 'guard_stap' --raw | audit2allow -M my-guardstap
[root@mycompany guard_stap]# semodule -i my-guardstap.pp
[root@mycompany guard_stap]# ausearch -c 'guard_ktap_load' --raw | audit2allow -M my-guardktapload
[root@mycompany guard_stap]# semodule -i my-guardktapload.pp
- Set SELinux enforcement back to 1 (enforcing mode).
[root@mycompany guard_stap]# setenforce 1
- Restart the S-TAP.
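
Before installing the generated modules, it helps to see which accesses they will allow. The script below is an added example, not part of the Guardium documentation: it reads audit records and prints the allow rule implied by each distinct AVC denial from the three commands named in the procedure. The function names and the sample records, including their SELinux types, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the allow rules implied by AVC denials from the three
# Guardium commands, for review before running audit2allow -M / semodule -i.

# Reads audit log text on stdin; prints one line per distinct denial.
summarize_avc() {
    awk '
    # Return the value of a key=value field on the current line, quotes removed.
    function field(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    /avc:/ && /denied/ {
        comm = field("comm")
        if (comm != "guard_discovery" && comm != "guard_stap" && comm != "guard_ktap_load")
            next
        # Permissions are the words between "{ " and " }".
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 2, e - s - 3)
        # SELinux contexts are user:role:type:level; the rule uses the type.
        split(field("scontext"), sc, ":")
        split(field("tcontext"), tc, ":")
        rule = comm ": allow " sc[3] " " tc[3] ":" field("tclass") " { " perms " };"
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

# Constructed sample records (not taken from a real Guardium host).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read open } for  pid=9955 comm="guard_stap" name="guard_tap.ini" dev="dm-0" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000001.102:202): avc:  denied  { read open } for  pid=9960 comm="guard_stap" name="guard_tap.ini" dev="dm-0" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000002.103:203): avc:  denied  { name_bind } for  pid=700 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000003.104:204): avc:  denied  { search } for  pid=9970 comm="guard_ktap_load" name="modules" dev="dm-0" ino=1002 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1700000004.105:205): avc:  denied  { getattr } for  pid=9980 comm="guard_discovery" name="hosts" dev="dm-0" ino=1003 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
EOF
}

sample_log | summarize_avc
```

On a real host, pipe `ausearch -m avc --raw` output into `summarize_avc` in place of `sample_log`. `audit2allow -M` also writes a `.te` source file next to each `.pp` module, which can be read the same way before `semodule -i`.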