Evidence: SELinux Settings
Description: Collect SELinux settings
Category: System
Platform: linux
Short Name: selinuxs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
SELinux settings provide information about mandatory access control policies and security contexts. This data is essential for understanding system security policies and detecting security policy violations.
Data Collected
This collector gathers structured data about SELinux settings.
Collection Method
This collector reads SELinux settings from /etc/selinux/ and /sys/fs/selinux/ and records them into the selinux_settings table.
Forensic Value
This evidence is crucial for forensic investigations as it provides mandatory access control information. It helps investigators understand security policies, detect policy violations, and investigate access control attacks.
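The following is an added example, not the collector's own code: it reads the same two locations named under Collection Method and flags a mismatch between the boot-time configuration and the live enforcement state. The function names, the choice of selinuxfs nodes, and the sample config are assumptions made for illustration; the schema of the selinux_settings table is not shown on this page and is not reproduced here.

```python
import os

# Constructed sample of /etc/selinux/config (not taken from a real host).
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
"""

def parse_selinux_config(text):
    """Parse the KEY=value lines of /etc/selinux/config, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def read_runtime(root="/sys/fs/selinux"):
    """Read single-value selinuxfs nodes; None means the node is absent."""
    state = {}
    for name in ("enforce", "policyvers", "mls", "deny_unknown"):
        try:
            with open(os.path.join(root, name)) as fh:
                state[name] = fh.read().strip()
        except OSError:
            state[name] = None
    return state

def assess(config, runtime):
    """Return (running_mode, findings) comparing boot config with live state."""
    configured = config.get("SELINUX", "").lower()
    enforce = runtime.get("enforce")
    if enforce is None:  # selinuxfs not mounted: SELinux is not active
        running = "disabled"
    else:
        running = "enforcing" if enforce == "1" else "permissive"
    findings = []
    if configured != running:
        findings.append(f"config says {configured or 'unset'}, runtime is {running}")
    if running != "enforcing":
        findings.append("policy is not being enforced at runtime")
    return running, findings

if __name__ == "__main__":
    # Uses the constructed config with whatever selinuxfs state this host has.
    print(assess(parse_selinux_config(SAMPLE_CONFIG), read_runtime()))
```

A config file that says enforcing while the runtime reports permissive indicates the mode was changed after boot, which is worth correlating with the rest of the collected evidence.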