si eso lo se, pero si desactivo el selinux, no quedare sin proteccion??
y mira ya lo desactive y volvi a levantar el servicio de psad y sin empbargo el selinux me dice esto.. y eso q ya lo desactive...

Resúmen:

SELinux is preventing iptables (iptables_t) "write" to /var/log/psad/psad.iptout
(var_log_t).

Descripción Detallada:

SELinux is preventing iptables (iptables_t) "write" to /var/log/psad/psad.iptout
(var_log_t). The SELinux type var_log_t, is a generic type for all files in the
directory and very few processes (SELinux Domains) are allowed to write to this
SELinux type. This type of denial usual indicates a mislabeled file. By default
a file created in a directory has the gets the context of the parent directory,
but SELinux policy has rules about the creation of directories, that say if a
process running in one SELinux Domain (D1) creates a file in a directory with a
particular SELinux File Context (F1) the file gets a different File Context
(F2). The policy usually allows the SELinux Domain (D1) the ability to write,
unlink, and append on (F2). But if for some reason a file
(/var/log/psad/psad.iptout) was created with the wrong context, this domain will
be denied. The usual solution to this problem is to reset the file context on
the target file, restorecon -v '/var/log/psad/psad.iptout'. If the file context
does not change from var_log_t, then this is probably a bug in policy. Please
file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against
the selinux-policy package. If it does change, you can try your application
again to see if it works. The file context could have been mislabeled by editing
the file or moving the file from a different directory, if the file keeps
getting mislabeled, check the init scripts to see if they are doing something to
mislabel the file.

Permitiendo Acceso:

You can attempt to fix file context by executing restorecon -v
'/var/log/psad/psad.iptout'

El siguiente comando permitirá este acceso:

restorecon '/var/log/psad/psad.iptout'

Información Adicional:

Contexto Fuente system_u:system_r:iptables_t
Contexto Destino root:object_r:var_log_t
Objetos Destino /var/log/psad/psad.iptout [ file ]
Source iptables
Source Path /sbin/iptables
Port
Host localhost.localdomain
Source RPM Packages iptables-1.3.5-4.el5
Target RPM Packages
RPM de Políticas selinux-policy-2.4.6-203.el5
SELinux Activado True
Tipo de Política targeted
MLS Activado True
Modo Obediente Enforcing
Nombre de Plugin mislabeled_file
Nombre de Equipo localhost.localdomain
Plataforma Linux localhost.localdomain 2.6.18-164.el5 #1 SMP
Thu Sep 3 03:33:56 EDT 2009 i686 i686
Cantidad de Alertas 18
First Seen jue 01 oct 2009 08:12:45 ECT
Last Seen vie 02 oct 2009 12:53:01 ECT
Local ID d75949dd-b272-4e7d-ac5d-37089c4483fb
Números de Línea

Mensajes de Auditoría Crudos

host=localhost.localdomain type=AVC msg=audit(1254505981.675:17): avc: denied { write } for pid=2911 comm="iptables" path="/var/log/psad/psad.iptout" dev=sda2 ino=22939671 scontext=system_u:system_r:iptables_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file

host=localhost.localdomain type=AVC msg=audit(1254505981.675:17): avc: denied { write } for pid=2911 comm="iptables" path="/var/log/psad/psad.ipterr" dev=sda2 ino=22939672 scontext=system_u:system_r:iptables_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1254505981.675:17): arch=40000003 syscall=11 success=yes exit=0 a0=98a3120 a1=98a31c0 a2=98a2368 a3=0 items=0 ppid=2910 pid=2911 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)