SELinux Settings

Evidence: SELinux Settings
Description: Collect SELinux settings
Category: System
Platform: linux
Short Name: selinuxs
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

SELinux settings provide information about mandatory access control policies and security contexts. This data is essential for understanding system security policies and detecting security policy violations.

This collector gathers structured data about SELinux settings.

This collector reads SELinux settings from /etc/selinux/ and /sys/fs/selinux/ and records them into the selinux_settings table.

This evidence is crucial for forensic investigations as it provides mandatory access control information. It helps investigators understand security policies, detect policy violations, and investigate access control attacks.
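The following added example (not the collector's own code) shows one check an investigator can run over data from the two locations named above: comparing the mode configured for boot with the mode actually running. It assumes the standard files `/etc/selinux/config` and `/sys/fs/selinux/enforce`; the function names and the sample config are constructed for illustration.

```python
from pathlib import Path

# Constructed sample of /etc/selinux/config (not taken from a real host).
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
"""

def parse_selinux_config(text):
    """Parse KEY=VALUE lines, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().upper()] = value.strip().lower()
    return settings

def runtime_mode(enforce_text):
    """Map /sys/fs/selinux/enforce content to a mode; None means selinuxfs is not mounted."""
    if enforce_text is None:
        return "disabled"
    return "enforcing" if enforce_text.strip() == "1" else "permissive"

def assess(config_text, enforce_text):
    """Compare the boot-time configuration with the running state."""
    cfg = parse_selinux_config(config_text)
    configured = cfg.get("SELINUX", "unknown")
    running = runtime_mode(enforce_text)
    findings = []
    if configured != running:
        # Typical of a runtime switch that was never written to the config file.
        findings.append(f"configured={configured} but running={running}")
    if running != "enforcing":
        findings.append("SELinux is not enforcing at runtime")
    return {"configured": configured, "policy": cfg.get("SELINUXTYPE", "unknown"),
            "running": running, "findings": findings}

def read_or_none(path):
    """Return file content, or None if the file is missing or unreadable."""
    try:
        return Path(path).read_text()
    except OSError:
        return None

if __name__ == "__main__":
    print("sample:", assess(SAMPLE_CONFIG, "0"))  # constructed mismatch case
    live_config = read_or_none("/etc/selinux/config") or ""
    print("live:  ", assess(live_config, read_or_none("/sys/fs/selinux/enforce")))
```

A mismatch between the configured and running mode does not survive a reboot, so it is worth correlating with the host's uptime and audit records.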