tony@specialistdevelopment.com wrote:
Hi guys,
I'm getting SELinux alerts logged to audit.log. Is there any way to parse the alerts via the command line to get human-readable alerts?
I have read that you can install setroubleshoot, but it installs a huge list of dependencies for use with the GUI, but I don't have a GUI installed.
Any ideas?
Tony
As well as audit2allow(1) and audit2why(8), there are the aureport(8) and ausearch(8) programs; they have a huge number of options, so take time to study the man pages, but "aureport --avc" will list all the SELinux denials.
Moray. "To err is human; to purr, feline."
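
The AVC records that the tools above report on can also be read straight from audit.log on a host with no GUI. This is an added example, not part of the original thread: the sample records are constructed, and the function names (parse_avc, describe, summarize) are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records in audit.log format (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1364481363.243:24287): avc:  denied  { read } for  pid=2547 comm="httpd" name="index.html" dev="dm-0" ino=399185 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1364481370.101:24290): avc:  denied  { read } for  pid=2547 comm="httpd" name="index.html" dev="dm-0" ino=399185 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1364481399.500:24301): avc:  denied  { name_bind } for  pid=3011 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
"""

# AVC record header: timestamp, serial, result, permission set, then key=value fields.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other record type."""
    m = AVC_RE.search(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['time'] = datetime.fromtimestamp(float(m.group('ts')), tz=timezone.utc)
    return rec

def describe(rec):
    """One-line, human-readable form of a parsed denial."""
    def se_type(context):
        parts = context.split(':')  # user:role:type:level
        return parts[2] if len(parts) > 2 else '?'
    target = rec.get('path') or rec.get('name') or rec.get('src') or '?'
    return '{} ({}) denied {} on {} {} ({})'.format(
        rec.get('comm', '?'), se_type(rec.get('scontext', '')),
        ','.join(rec['perms']), rec.get('tclass', '?'), target,
        se_type(rec.get('tcontext', '')))

def summarize(log_text):
    """Count identical denials so repeats collapse into one line."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec['result'] == 'denied':
            counts[describe(rec)] += 1
    return counts.most_common()

if __name__ == '__main__':
    for text, n in summarize(SAMPLE_LOG):
        print('{:>3}x  {}'.format(n, text))
```

On a real host the input would be the contents of /var/log/audit/audit.log, where some name fields may appear hex-encoded rather than quoted.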