SELinux Settings
Overview
Evidence: Selinux Settings Description: Collect Selinux Settings Category: Security Platform: Linux Short Name: selinuxs Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
SELinux settings provide information about mandatory access control policies and security contexts. This data is essential for understanding system security policies and detecting security policy violations.
Data Collected
This collector gathers structured data about selinux settings.
Selinux Settings Data
ID
Primary key (auto-increment)
1
Context
SELinux context
system_u:object_r:etc_t:s0
Path
File path
/etc/passwd
Type
Context type
etc_t
User
SELinux user
system_u
Role
SELinux role
object_r
Level
SELinux level
s0
Collection Method
This collector parses the necessary data from the selinux_settings
table.
This collector collects files from the following locations:
/etc/selinux/
/sys/fs/selinux/
Usage
This evidence is crucial for forensic investigations as it provides mandatory access control information. It helps investigators understand security policies, detect policy violations, and investigate access control attacks. The data can reveal security contexts, policy violations, and potential security vulnerabilities. Analysts can use this information to identify access control compromises, trace policy violations, and assess SELinux security posture.
Notes
This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
Last updated
Was this helpful?