Confining Beats (aka SELinux policy for beats on EL)

Hi,

I'm evaluating filebeat and auditbeat (plus the contributed journalbeat) as log shippers for our environment. I had a look at the EL packages supplied by Elasticsearch and noticed that a suitable SELinux policy was missing.

I've rolled my own for now, is there interest in supplying a policy in the RPMs? I'd be willing to share what I came up with so far.

Kind regards,
Robert

1 Like

Great news! Could you please open a PR with the policies for Filebeat and Auditbeat?

This let's us evaluate the policy.

Done

Thanks!

This topic was automatically closed after 21 days. New replies are no longer allowed.