SBM Labs

Cyber Security Collaboration Project

SELinux Policy for custom Rsyslog configuration
08 Nov 2016

1. Change SELinux policy for the ports rsyslog may listen on.

Under the targeted policy rsyslog runs in the syslogd_t domain and may only bind to ports labelled syslogd_port_t (514/udp and a handful of others). A listener on any other port is blocked with an AVC denial, so a custom input port has to be added to that type.

Get the ports currently labelled syslogd_port_t:
# semanage port -l | grep syslogd_port_t

Add the new input port (here 5514/udp; repeat with -p tcp if the input is TCP):
# semanage port -a -t syslogd_port_t -p udp 5514

If semanage answers that the port is "already defined", it already belongs to another port type; move it to syslogd_port_t with -m instead of -a.

Check that the port is now listed:
# semanage port -l | grep syslogd_port_t

The change is stored in the SELinux policy store and survives reboots. Restart rsyslog afterwards so it can bind to the new port.

2. Change SELinux policy for the directories rsyslog may write to.

syslogd_t is allowed to create and write log files under paths labelled var_log_t (/var/log by default). A directory anywhere else, such as a separate mount, keeps the label it was created with (mnt_t under /mnt), and rsyslog's writes there are denied, so the path has to be mapped to var_log_t.

Get the paths currently mapped to var_log_t:
# semanage fcontext -l | grep var_log_t

Add the new output directory. semanage only records the rule; restorecon applies it to the directory and to anything already in it. Files rsyslog creates there later inherit the directory's label.
# semanage fcontext -a -t var_log_t "/mnt/rsyslog_output(/.*)?"
# restorecon -Rv /mnt/rsyslog_output/

Check that the rule is in place:
# semanage fcontext -l | grep rsyslog_output | grep var_log_t

If /mnt/rsyslog_output is on a file system that does not store SELinux labels (an NFS mount, for example), restorecon cannot relabel it; set the label with a context= mount option instead.

P.S. To see the current SELinux context of a file system object, use ls with the -Z flag. Example:
# ls -laZ [OBJECT_NAME]
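The two steps above are written as one-off commands. The script below is an added example, not part of the original post, that makes them idempotent and adds the before/after checks: it parses semanage's own listings to decide whether a port needs -a, -m or nothing, skips an fcontext rule that already exists, and ends with matchpathcon and ls -Z so the intended and actual labels can be compared. It assumes a root shell on a targeted-policy host with semanage, restorecon and matchpathcon installed; the port, protocol and directory default to the post's values (5514/udp, /mnt/rsyslog_output). The SAMPLE_* listings are constructed for an offline check of the parsers and are not real machine output.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent version of the two
# semanage steps, with the checks a practitioner wants before and after.
# Assumptions: root on a host with policycoreutils (semanage, restorecon)
# and libselinux-utils (matchpathcon); values below are the post's.
set -eu

PORT="${PORT:-5514}"
PROTO="${PROTO:-udp}"
OUTDIR="${OUTDIR:-/mnt/rsyslog_output}"
SPEC="$OUTDIR(/.*)?"

# Print the port type that has an *exact* entry for PROTO/PORT, reading
# `semanage port -l` output on stdin. Exact matters: `semanage port -a`
# fails with "already defined" only for an exact existing entry, and
# `semanage port -m` only works on one; a port that merely falls inside a
# range such as unreserved_port_t 1024-32767 is neither.
port_owner() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; gsub(/,/, "", p)          # "514," -> "514"
                if (p !~ /-/ && p + 0 == port + 0) { print $1; exit }
            }
        }'
}

# Return 0 if SPEC is already mapped to TYPE in `semanage fcontext -l`
# output read from stdin. The file-class column ("all files", "directory")
# varies in word count, so match the spec on $1 and the context on $NF.
fcontext_defined() {
    awk -v spec="$1" -v type="$2" '
        $1 == spec && $NF ~ (":" type ":") { found = 1 }
        END { exit !found }'
}

ensure_port() {
    owner="$(semanage port -l | port_owner "$PROTO" "$PORT")"
    case "$owner" in
        syslogd_port_t) echo "$PROTO/$PORT already syslogd_port_t" ;;
        "")             semanage port -a -t syslogd_port_t -p "$PROTO" "$PORT" ;;
        *)              echo "$PROTO/$PORT owned by $owner, moving it with -m"
                        semanage port -m -t syslogd_port_t -p "$PROTO" "$PORT" ;;
    esac
    semanage port -l | grep syslogd_port_t
}

ensure_dir() {
    if semanage fcontext -l | fcontext_defined "$SPEC" var_log_t; then
        echo "$SPEC already var_log_t"
    else
        semanage fcontext -a -t var_log_t "$SPEC"
    fi
    mkdir -p "$OUTDIR"
    restorecon -Rv "$OUTDIR"          # apply the rule to existing objects
    matchpathcon "$OUTDIR"            # what policy says the label should be
    ls -dZ "$OUTDIR"                  # what the label actually is
}

# Constructed sample listings (not real output) for an offline parser check.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number
syslogd_port_t                 tcp      601, 20514
syslogd_port_t                 udp      514, 601, 20514
unreserved_port_t              udp      61001-65535, 1024-32767'
SAMPLE_FCONTEXT='/mnt/rsyslog_output(/.*)?                          all files          system_u:object_r:var_log_t:s0
/var/log(/.*)?                                     all files          system_u:object_r:var_log_t:s0'

self_check() {
    [ "$(printf '%s\n' "$SAMPLE_PORTS" | port_owner udp 514)" = syslogd_port_t ] || return 1
    [ -z "$(printf '%s\n' "$SAMPLE_PORTS" | port_owner udp 5514)" ] || return 1   # range only: -a is fine
    printf '%s\n' "$SAMPLE_FCONTEXT" | fcontext_defined '/mnt/rsyslog_output(/.*)?' var_log_t || return 1
    ! printf '%s\n' "$SAMPLE_FCONTEXT" | fcontext_defined '/mnt/other(/.*)?' var_log_t || return 1
}

case "${1:-check}" in
    apply) ensure_port; ensure_dir ;;
    *)     self_check && echo "parsers OK; run '$0 apply' as root to change policy" ;;
esac
```

Run it without arguments to exercise the parsers on the constructed samples, and as `./rsyslog-selinux.sh apply` (root) to make the changes. The -a/-m decision is driven by an exact match in `semanage port -l` because that is the condition under which `semanage port -a` refuses with "already defined"; a port that only falls inside a catch-all range is added normally.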
