Confining Beats (aka SELinux policy for beats on EL)

(Fuero0) #1


I'm evaluating filebeat and auditbeat (plus the contributed journalbeat) as log shippers for our environment. I had a look at the EL packages supplied by Elasticsearch and noticed that a suitable SELinux policy was missing.

I've rolled my own for now, is there interest in supplying a policy in the RPMs? I'd be willing to share what I came up with so far.

Kind regards,

(Noémi Ványi) #2

Great news! Could you please open a PR with the policies for Filebeat and Auditbeat?

This let's us evaluate the policy.

(Fuero0) #3


(Noémi Ványi) #4


(system) #5

This topic was automatically closed after 21 days. New replies are no longer allowed.