Confining Beats (aka SELinux policy for beats on EL)

fuero0 · January 18, 2018, 12:12pm

Hi,

I'm evaluating filebeat and auditbeat (plus the contributed journalbeat) as log shippers for our environment. I had a look at the EL packages supplied by Elasticsearch and noticed that a suitable SELinux policy was missing.

I've rolled my own for now, is there interest in supplying a policy in the RPMs? I'd be willing to share what I came up with so far.

Kind regards,
Robert

kvch · January 18, 2018, 12:20pm

Great news! Could you please open a PR with the policies for Filebeat and Auditbeat?

This let's us evaluate the policy.

fuero0 · January 18, 2018, 2:24pm

Done

kvch · January 18, 2018, 4:15pm

Thanks!

system · February 8, 2018, 12:12pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Journalbeat - ship from journald to ELK Beats beats-development	12	18364	July 5, 2017
Clarification regarding filebeat and metricbeat support policy Beats filebeat , metricbeat	4	240	October 17, 2023
Filebeat is not sending data to Elasticsearch Beats docker , filebeat	10	1504	January 6, 2022
Exploring beats for Windows EventLog capture Beats beats-development	3	3138	July 5, 2017
Dec 3rd, 2023: [EN] Serverless Observability: How Beats alerts help you save Christmas Advent Calendar	1	252	December 31, 2023

Confining Beats (aka SELinux policy for beats on EL)

Related Topics