SELinux Settings

Overview

Evidence: SELinux Settings
Description: Collect SELinux settings
Category: System
Platform: linux
Short Name: selinuxs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

SELinux settings provide information about mandatory access control policies and security contexts. This data is essential for understanding system security policies and detecting security policy violations.

Data Collected

This collector gathers structured data about SELinux settings.

Collection Method

This collector reads SELinux settings from /etc/selinux/ and /sys/fs/selinux/ and records them into the selinux_settings table.
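A minimal sketch of this kind of collection, added here as an illustration and not the collector's own code: it reads /etc/selinux/config and the selinuxfs nodes under a given root, then flags a mismatch between the configured and running mode. The output field names, the `root` parameter and the choice of the `enforce` and `policyvers` nodes are assumptions; the actual selinux_settings schema is not shown on this page.

```python
import os

MODES = {"enforcing", "permissive", "disabled"}

# Constructed sample of /etc/selinux/config, used only for the demo run below.
SAMPLE_CONFIG = "# constructed sample\nSELINUX=enforcing\nSELINUXTYPE=targeted\n"

def parse_config(text):
    """Parse KEY=VALUE lines from /etc/selinux/config, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().upper()] = value.strip().lower()
    return settings

def read_text(path):
    """Return stripped file contents, or None if the file is missing/unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def collect(root="/"):
    """Gather configured and runtime SELinux state under `root` (assumed layout)."""
    cfg = parse_config(read_text(os.path.join(root, "etc/selinux/config")) or "")
    enforce = read_text(os.path.join(root, "sys/fs/selinux/enforce"))
    # No selinuxfs 'enforce' node means SELinux is not active in the running kernel.
    if enforce is None:
        runtime = "disabled"
    else:
        runtime = "enforcing" if enforce == "1" else "permissive"
    configured = cfg.get("SELINUX", "unknown")
    return {
        "configured_mode": configured,
        "policy_type": cfg.get("SELINUXTYPE", "unknown"),
        "runtime_mode": runtime,
        "policy_version": read_text(os.path.join(root, "sys/fs/selinux/policyvers")),
        # Drift: boot-time config and live kernel state disagree.
        "mode_drift": configured in MODES and configured != runtime,
    }

if __name__ == "__main__":
    print(parse_config(SAMPLE_CONFIG))
    print(collect("/"))
```

A host whose config file says enforcing while the kernel reports permissive or disabled is worth a closer look during triage, since the runtime mode can be changed without touching the file.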

Forensic Value

This evidence is crucial for forensic investigations as it provides mandatory access control information. It helps investigators understand security policies, detect policy violations, and investigate access control attacks.
