SELinux Settings

Overview

Evidence: SELinux Settings
Description: Collect SELinux settings
Category: Other Evidence
Platform: Linux
Short Name: selinuxs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

SELinux (Security-Enhanced Linux) enforces mandatory access control (MAC) on top of ordinary discretionary permissions: a loaded policy decides which security contexts may access which objects, regardless of file ownership and mode bits. The collected settings show which mode SELinux was in (enforcing, permissive, or disabled), which policy type was configured, and related runtime parameters. This is essential for judging how much the kernel was actually constraining processes at collection time and for detecting changes to, or violations of, the security policy.

Data Collected

This collector gathers structured key/value data about the SELinux configuration and runtime state.

SELinux Settings Data

Field   Description                                                        Example
ID      Sequential row identifier assigned by the collector                1
Scope   Source of the setting: a configuration file under /etc/selinux/    /etc/selinux/config
        or a live kernel node under /sys/fs/selinux/
Key     Name of the setting                                                SELINUX
Value   Value of the setting as found at collection time                   enforcing

The Key and Value examples are illustrative and correspond to the SELINUX=enforcing line of /etc/selinux/config.

Collection Method

This collector reads the persistent configuration from /etc/selinux/ (notably /etc/selinux/config, which carries the SELINUX= mode and SELINUXTYPE= policy settings) and the live kernel state from the selinuxfs mount at /sys/fs/selinux/, and records each setting as a key/value row in the selinux_settings table. Note that /sys/fs/selinux/ is only populated when SELinux is enabled in the running kernel; on a host where it is disabled (or where selinuxfs is not mounted), only the configuration files are available, and the configured mode may differ from the mode the kernel was actually applying.
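The script below is an added example, not the collector's own code: it reproduces the collection method described above as scope|key|value records so that the rows in selinux_settings can be cross-checked by hand, either on a live host or against an offline copy of the files. The scope labels "config" and "runtime", the default paths, the --live flag and the selected selinuxfs nodes are assumptions of this example, not documented product behaviour. It also adds the one check an investigator most wants here: whether the configured mode and the live enforce flag disagree.

```shell
#!/bin/sh
# Added example (not the collector's own code): emit SELinux settings as
# scope|key|value records, mirroring the collection method described on
# this page. Scope labels, default paths and the --live flag are assumptions.

SELINUX_CONFIG_FILE=${SELINUX_CONFIG_FILE:-/etc/selinux/config}
SELINUXFS_DIR=${SELINUXFS_DIR:-/sys/fs/selinux}

# parse_selinux_config FILE
# Emits one "config|KEY|VALUE" line per KEY=VALUE entry, ignoring comments
# and blank lines. Returns 1 when the file is missing or unreadable (a host
# that never had SELinux installed has no /etc/selinux/config at all).
parse_selinux_config() {
    [ -r "$1" ] || return 1
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        value=$(printf '%s' "$value" | tr -d '[:space:]')
        if [ -n "$key" ]; then
            printf 'config|%s|%s\n' "$key" "$value"
        fi
    done
}

# collect_selinuxfs DIR
# Emits "runtime|mounted|yes" or "runtime|mounted|no", then one
# "runtime|NODE|VALUE" line per readable single-value selinuxfs node.
# selinuxfs only exists when SELinux is enabled in the running kernel, so a
# missing directory is itself a finding worth recording.
collect_selinuxfs() {
    dir=$1
    if [ ! -d "$dir" ]; then
        printf 'runtime|mounted|no\n'
        return 0
    fi
    printf 'runtime|mounted|yes\n'
    for node in enforce mls policyvers deny_unknown checkreqprot; do
        if [ -r "$dir/$node" ]; then
            printf 'runtime|%s|%s\n' "$node" "$(tr -d '\n' < "$dir/$node")"
        fi
    done
}

# check_mode_mismatch CONFIG_FILE SELINUXFS_DIR
# Compares the configured SELINUX= mode with the live enforce flag.
# "mismatch": config says enforcing but kernel is permissive (the footprint
#             of a runtime `setenforce 0`), or the reverse.
# "match":    configured and live modes agree.
# "unknown":  one side is unavailable (no config file, selinuxfs absent).
check_mode_mismatch() {
    cfg=$(parse_selinux_config "$1" | awk -F'|' '$2 == "SELINUX" { print $3 }')
    live=$(collect_selinuxfs "$2" | awk -F'|' '$2 == "enforce" { print $3 }')
    case "$cfg:$live" in
        enforcing:0|permissive:1) echo mismatch ;;
        enforcing:1|permissive:0) echo match ;;
        *) echo unknown ;;
    esac
}

# collect_all: both sources for the configured paths, in table row order.
collect_all() {
    parse_selinux_config "$SELINUX_CONFIG_FILE"
    collect_selinuxfs "$SELINUXFS_DIR"
}

# Touch the live host only when asked explicitly (hypothetical flag).
if [ "${1:-}" = "--live" ]; then
    collect_all
    check_mode_mismatch "$SELINUX_CONFIG_FILE" "$SELINUXFS_DIR"
fi
```

Run it as `sh selinux_collect.sh --live` on a host; to test it against evidence copied off a system, point SELINUX_CONFIG_FILE and SELINUXFS_DIR at the copied files instead. The mismatch check is deliberately conservative: it only speaks when both the configured mode and the live enforce flag were actually read.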

Usage

This evidence is crucial for forensic investigations because it records whether, and how strictly, mandatory access control was in force on the host. Investigators use it to establish the policy baseline, to spot tampering such as a system configured as enforcing in /etc/selinux/config but found permissive in /sys/fs/selinux/enforce (the footprint of a runtime setenforce 0), and to interpret access-control artifacts such as AVC denials in the audit log when investigating attacks on or around the access control layer.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
