SELinux Settings

Overview

Evidence: Selinux Settings Description: Collect Selinux Settings Category: Security Platform: Linux Short Name: selinuxs Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

SELinux settings provide information about mandatory access control policies and security contexts. This data is essential for understanding system security policies and detecting security policy violations.

Data Collected

This collector gathers structured data about selinux settings.

Selinux Settings Data

Field
Description
Example

ID

Primary key (auto-increment)

1

Context

SELinux context

system_u:object_r:etc_t:s0

Path

File path

/etc/passwd

Type

Context type

etc_t

User

SELinux user

system_u

Role

SELinux role

object_r

Level

SELinux level

s0

Collection Method

This collector parses the necessary data from the selinux_settings table.

This collector collects files from the following locations:

  • /etc/selinux/

  • /sys/fs/selinux/

Usage

This evidence is crucial for forensic investigations as it provides mandatory access control information. It helps investigators understand security policies, detect policy violations, and investigate access control attacks. The data can reveal security contexts, policy violations, and potential security vulnerabilities. Analysts can use this information to identify access control compromises, trace policy violations, and assess SELinux security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

Last updated

Was this helpful?