Bonjour all,

Several weeks ago a test SL4.5 server was built, with quite a lot of
post-install config (gLite). The test looked ok & seemed functional, so
(after a few more tweaks including syslog.conf - that's what bit us) a
batch of servers were built & deployed.

Then we noticed in horror that none were writing to /var/log/messages & 
that lsof /dev/log showed a strange thing minilogd had control, not 
syslogd. It looked like some fatal problem between selinux (which isn't 
grok'd here) & syslogd.

The hurried solution was to set selinux to permissive & restart syslogd.
Then they log to /var/log/messages & to their central syslog server.

A bit of investigation now shows that this line
/bin/mv /root/conf/syslog.conf /etc/syslog.conf
is the culprit. Using /bin/cp instead & rebuilding a test server again,
syslogd is fine.

Many files will have changed on those deployed servers. It is warned not
to just enable selinux again:

"Changes you make to files while SELinux is disabled may give them an
unexpected security label, and new files do not have a label. You may need 
to relabel part or all of the file system after enabling SELinux again."

Briefly perusing the SElinux manual doesn't enlighten, it's too complex.

Does anyone know, is there a quick-fix very safe solution, perserving all
current files, to re-set selinux to enforcing, for the servers that now 
have to have selinux permissive for syslog to work?

Grateful for advice.