New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SELinux policy draft for beats #6103
Conversation
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
@fuero I would like to have @andrewkroh a look on this one. But until he finds the time, could you sign the CLA? |
In order for us to support selinux policies for Beats we need to setup an environment where SELinux is enforcing, then execute our test suite (or a subset), and verify that there were no AVC errors in the audit log. So the next step for this in my mind is to get a CI server setup on RHEL with SELinux enforcing. |
Sorry for the late reply, I've signed the agreement a short time after posting the PR and again just now. |
Hello everyone, Any news about SELinux policy for auditbeat ? thanks. |
Pinging @elastic/siem (Team:SIEM) |
❕ Build Aborted
Expand to view the summary
Build stats
Steps errorsExpand to view the steps failures
Log outputExpand to view the last 100 lines of log output
|
❕ Build Aborted
Expand to view the summary
Build stats
Steps errorsExpand to view the steps failures
Log outputExpand to view the last 100 lines of log output
|
Hi! We're labeling this issue as |
Hi! |
@andrewkroh @ruflin @kvch This PR is still relevant. Can you reopen it or should a new PR be submitted? |
I also would be interested to see a SELinux policy for the beats |
Triggered by this discussion I'm proposing this as a draft for a EL SELinux policy confining the various beats from this repository. I've started with filebeat, auditbeat, and journalbeat.
I've added the spec file for the RPM as well, and tested this on CentOS Linux release 7.4.1708 (Core).