Configure S-TAP (Software TAP) for Red Hat Security-Enhanced Linux (SELinux), including installation steps and SELinux policy adjustments.
About this task
SELinux is a security module that some Linux distributions use to enforce access controls. You must configure Guardium® S-TAP to work with SELinux so that database activity monitoring is compatible with enhanced security configurations. By supporting S-TAP on SELinux-enabled platforms, Guardium can provide robust data protection and monitoring without compromising system security.
Note: Make sure that your S-TAP version matches the version of the Guardium appliance.
Procedure
- Install the S-TAP by using one of the methods described in Linux-UNIX: Install S-TAP agents installation flow.
- If you use the shell S-TAP installer, log in to the Guardium server as a root user and run the following commands:
Set the SELinux enforce mode to 0 (permissive) and open the guard_tap.ini file:
[root@mycompany guard_stap]# setenforce 0
[root@mycompany guard_stap]# ps -ef|grep stap
root 9955 1 0 10:32 ? 00:00:00 /guardium/guardium/guard_stap/guard_stap /guardium/guardium/guard_stap/guard_tap.ini
root 10038 1889 0 10:32 pts/0 00:00:00 grep --color=auto stap
- Analyze the SELinux audit logs.
sealert -a /var/log/audit/audit.log
Remember: Make sure that you follow the instructions in the command output.
- Run the following commands to enable the Guardium policies:
[root@mycompany guard_stap]# ausearch -c 'guard_discovery' --raw | audit2allow -M my-guarddiscovery
[root@mycompany guard_stap]# semodule -i my-guarddiscovery.pp
[root@mycompany guard_stap]# ausearch -c 'guard_stap' --raw | audit2allow -M my-guardstap
[root@mycompany guard_stap]# semodule -i my-guardstap.pp
[root@mycompany guard_stap]# ausearch -c 'guard_ktap_load' --raw | audit2allow -M my-guardktapload
[root@mycompany guard_stap]# semodule -i my-guardktapload.pp
- Set the SELinux enforce mode back to 1 (enforcing).
[root@mycompany guard_stap]# setenforce 1
- Restart the S-TAP.
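
Added example (not part of the IBM procedure): audit2allow turns every logged denial for a command into an allow rule, so it is worth listing those denials before running semodule -i. The sketch below summarizes AVC denials for the three commands named in the ausearch calls; the sample records, the SELinux types in them, and the function names sample_avc and summarize_avc are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize the AVC denials behind the audit2allow modules.
# Output, one line per unique denial:
#   <comm> <source type> -> <target type>:<class> <permission>

# Command names taken from the ausearch -c calls in the procedure.
GUARD_COMMS="guard_stap guard_discovery guard_ktap_load"

# Constructed sample records in raw audit.log format (types are illustrative).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read open } for  pid=9955 comm="guard_stap" path="/guardium/guardium/guard_stap/guard_tap.ini" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes comm="guard_stap"
type=AVC msg=audit(1700000001.202:502): avc:  denied  { read } for  pid=9955 comm="guard_stap" path="/guardium/guardium/guard_stap/guard_tap.ini" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000002.303:503): avc:  denied  { module_load } for  pid=9960 comm="guard_ktap_load" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=system permissive=1
type=AVC msg=audit(1700000003.404:504): avc:  denied  { name_bind } for  pid=4000 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# Read raw audit records on stdin; keep only denials for the Guardium commands.
summarize_avc() {
  awk -v comms="$GUARD_COMMS" '
    BEGIN { n = split(comms, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^type=AVC / && /denied/ {
      comm = ""; src = ""; tgt = ""; cls = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
        if ($i ~ /^scontext=/) { split(substr($i, 10), p, ":"); src = p[3] }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), p, ":"); tgt = p[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (!(comm in want)) next
      # Permissions sit between the braces, for example "{ read open }".
      lb = index($0, "{"); rb = index($0, "}")
      m = split(substr($0, lb + 1, rb - lb - 1), perm, " ")
      for (j = 1; j <= m; j++)
        print comm, src, "->", tgt ":" cls, perm[j]
    }' | LC_ALL=C sort -u
}

# Demo run on the constructed records.
sample_avc | summarize_avc
```

On a host, pipe the real records in instead of the sample, for example `ausearch -m AVC --raw | summarize_avc`, and compare the result with the .te file that audit2allow -M writes next to each .pp module.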