SELinux contexts for Tenable software

General support questions
Post Reply
Brian-BBCM
Posts: 1
Joined: 2021/09/22 20:12:38

SELinux contexts for Tenable software

Post by Brian-BBCM » 2021/09/22 20:14:57

Hello,
We use the Tenable.sc scanner to monitor our network for compliance. As it turns out one of the only items left I need to fix has to do with the Tenable software itself. The following item are "unconfined" daemons according to SELinux. Does anyone have any recommendations on what context I should switch these two, or how else I can make them confined? Thank you

lce_wwwd
lce_clientd
tnmd
tfmd
lce_queryd
lce_tasld
lce_report_prox
lced

I was thinking of creating a new context called lce_t but didn't know if that was possible.

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: SELinux contexts for Tenable software

Post by aks » 2021/09/30 18:44:22

The following item are "unconfined" daemons according to SELinux. Does anyone have any recommendations on what context I should switch these two, or how else I can make them confined?
Why? They're unconfined because you manually installed them!
I was thinking of creating a new context called lce_t but didn't know if that was possible.
Yes it is, although, once again, why?

Post Reply