[access]
# client_users:  Comma-separated list of users allowed to run the client and
# connect to the local fault server and therefore see security denials. Also
# accepts '*' to allow all users to connect.
client_users = *

# fix_cmd_users:  Comma-separated list of users allowed to run the fix
# commands with root privileges. Members of this list can execute the fix
# commands specified in any alert. The command is executed with root
# privileges so you should be very caeful who you add to this list as you are
# granting them significant power to alter the security settings of this
# system. The wildcard '*' is NOT allowed.
fix_cmd_users = root

[audit]
# binary_protocol_socket_path: unix domain socket used to listen for audit
# messages (binary audit protocol)
binary_protocol_socket_path = /var/run/audit_events

# text_protocol_socket_path: unix domain socket used to listen for audit
# messages (textural audit protocol)
text_protocol_socket_path = /var/run/audispd_events

# retry_interval: number of seconds to wait before trying to connect to audit
# socket again in the event of socket failure
retry_interval = 60

[client_connect_to]
# path: No Description Available
path = /var/run/setroubleshoot/setroubleshoot_server

# address_list:  List of socket addresses server should listen on for client
# connections. Addresses should not contain any whitespace. Each address is of
# the form "[{family}]address[:port]" where [] indicates the value is
# optional. Valid values for family are inet or unix, if the family is absent
# it defaults to inet. If the family is unix the address is interpreted as a
# file path. If the family is inet the address is interpreted as either a host
# name or IP address. As a special case if the inet address is "hostname" the
# current hostname will be substituted. If the family is inet the address may
# optionally be followed by a colon (:) and a port number. If the port number
# is absent in the address it defaults to the port specified in this config
# section. Example, to listen on the local unix domain socket and provide
# remote connections use this "{unix}%(path)s, hostname"
address_list = {unix}%(path)s hostname

[connection]
# default_port: No Description Available
default_port = 69783

[database]
# database_dir: No Description Available
database_dir = /var/lib/setroubleshoot

# filename: No Description Available
filename = setroubleshoot

# max_alerts:  Keep no more than this many alerts in the database. Oldest
# alerts based on the alert's last seen date will be purged first. Zero
# implies no limit
max_alerts = 50

# max_alert_age:  Purge any alerts whose age based on its last seen date
# exceeds this threshold. Age may be specified as a sequence of integer unit
# pairs. Units may be one of year,month,week,day,hour,minute,second and may
# optionally be plural. Example: '2 weeks 1 day' sets the threshold at 15
# days. An empty string implies no limit
max_alert_age = 

[email]
# smtp_host: The SMTP server address
smtp_host = localhost

# smtp_port: The SMTP server port
smtp_port = 25

# from_address: The From: email header
from_address = SELinux_Troubleshoot

# subject: The Subject: email header
subject = SELinux AVC Alert

# recipients_filepath: Path name of file with email recipients. One address
# per line, optionally followed by enable flag. Comment character is #.
recipients_filepath = /var/lib/setroubleshoot/email_alert_recipients

[general]
# pid_file: No Description Available
pid_file = /var/run/setroubleshootd.pid

# project_url: URL of project website
project_url = https://pagure.io/setroubleshoot

[help]
# help_url: URL to user help information
help_url = https://pagure.io/docs/setroubleshoot/

# bug_report_url: URL used to report bugs
bug_report_url = http://bugzilla.redhat.com/bugzilla/enter_bug.cgi

[helper_apps]
# web_browser_launcher: Helper application to launch web browser on a URL
web_browser_launcher = /usr/bin/xdg-open

[listen_for_client]
# path: No Description Available
path = /var/run/setroubleshoot/setroubleshoot_server

# address_list:  List of socket addresses server should listen on for client
# connections. Addresses should not contain any whitespace. Each address is of
# the form "[{family}]address[:port]" where [] indicates the value is
# optional. Valid values for family are inet or unix, if the family is absent
# it defaults to inet. If the family is unix the address is interpreted as a
# file path. If the family is inet the address is interpreted as either a host
# name or IP address. As a special case if the inet address is "hostname" the
# current hostname will be substituted. If the family is inet the address may
# optionally be followed by a colon (:) and a port number. If the port number
# is absent in the address it defaults to the port specified in this config
# section. Example, to listen on the local unix domain socket and provide
# remote connections use this "{unix}%(path)s, hostname"
address_list = {unix}%(path)s

[plugins]
# plugin_dir: No Description Available
plugin_dir = /usr/share/setroubleshoot/plugins

[sealert_log]
# level:  sealert logging level. Levels are the same as in the python logging
# module, but are case insenstive. The defined levels in severity order are:
# [CRITICAL, ERROR, WARNING, INFO, DEBUG]
level = warning

[setroubleshootd_log]
# level:  setroubleshootd logging level. Levels are the same as in the python
# logging module, but are case insenstive. The defined levels in severity
# order are:[CRITICAL, ERROR, WARNING, INFO, DEBUG]
level = warning

# log_full_report: True|False, log full report analysis to journal
log_full_report = True