
Monday, December 26, 2022

Fedora 37 : SELinux alert detection from Trend Micro HouseCall.

If you use Trend Micro HouseCall for Home Networks, SELinux on Fedora Linux may warn you with an alert.
It can be easily fixed with the following commands:
[root@fedora mythcat]# ausearch -c 'journal-offline' --raw | audit2allow -M my-journaloffline
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i my-journaloffline.pp

[root@fedora mythcat]# semodule -X 300 -i my-journaloffline.pp
libsemanage.semanage_get_lock: Could not get direct transaction lock at /var/lib/selinux/targeted/semanage.trans.LOCK. (Resource temporarily unavailable).
Because I got an access error to the resource, I used some Linux commands to check the status of my SELinux, then I searched for and stopped the process that didn't let me access the resource and ran the command again:
[root@fedora mythcat]# cat /etc/selinux/config


SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted




[root@fedora mythcat]# ps aux | grep semodule
root        3974  4.2  5.2 211904 209952 pts/0   T    13:29   0:17 semodule -X 300 -i my-journaloffline.pp
root        4032  0.0  0.0 222424  2288 pts/0    S+   13:36   0:00 grep --color=auto semodule
[root@fedora mythcat]# kill -9 3974
[root@fedora mythcat]# semodule -X 300 -i my-journaloffline.pp
[1]+  Killed                  semodule -X 300 -i my-journaloffline.pp
[root@fedora mythcat]# semodule -X 300 -i my-journaloffline.pp
This is how the SELinux alert appears in the environment of the Fedora 37 Linux distribution.
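
Added example, not part of the original post: for the ausearch | audit2allow step above, this script condenses raw AVC records for one command into candidate allow rules, so the access a generated module would grant can be read before running semodule -i. The sample records, the type names (example_src_t, example_dst_t, other_t) and the function names sample_avc and avc_rules are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise AVC denials as candidate allow rules for review.
# It only reads audit records; it does not build or install a policy module.

# Constructed sample records (types and paths are placeholders, not from the post).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1672054140.101:501): avc:  denied  { read } for  pid=3901 comm="journal-offline" name="example.dat" dev="dm-0" ino=1111 scontext=system_u:system_r:example_src_t:s0 tcontext=system_u:object_r:example_dst_t:s0 tclass=file permissive=0
type=AVC msg=audit(1672054140.102:502): avc:  denied  { open } for  pid=3901 comm="journal-offline" path="/tmp/example.dat" dev="dm-0" ino=1111 scontext=system_u:system_r:example_src_t:s0 tcontext=system_u:object_r:example_dst_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1672054140.102:502): arch=c000003e syscall=257 success=no exit=-13 comm="journal-offline"
type=AVC msg=audit(1672054141.000:503): avc:  denied  { write } for  pid=4100 comm="other-proc" name="x" scontext=system_u:system_r:other_t:s0 tcontext=system_u:object_r:example_dst_t:s0 tclass=dir permissive=0
EOF
}

# avc_rules COMM: read raw audit records on stdin and print one
# "allow <source_type> <target_type>:<class> { perms };" line per unique
# (source, target, class) triple, for denials whose comm= equals COMM.
avc_rules() {
  awk -v want="$1" '
    $1 == "type=AVC" && /avc: +denied/ {
      comm = src = tgt = cls = ""
      # The denied permissions sit between the braces after "denied".
      perms = $0; sub(/^.*denied +[{] /, "", perms); sub(/ [}].*$/, "", perms)
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # type is the 3rd context field
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (comm != want) next
      key = src " " tgt ":" cls
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++)
        if (!seen[key, p[j]]++) set[key] = set[key] " " p[j]
    }
    END { for (k in set) printf "allow %s { %s };\n", k, substr(set[k], 2) }
  ' | sort
}
```

On a real system the input would come from ausearch -c 'journal-offline' --raw instead of sample_avc, and the result can be compared with the my-journaloffline.te file that audit2allow -M writes next to the .pp package.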