The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

audit2why (8)
  • audit2why (8) ( Русские man: Команды системного администрирования )
  • >> audit2why (8) ( Linux man: Команды системного администрирования )
  •  

    NAME

    audit2why - Translates SELinux audit messages into a description of why the access was denied
     
    

    SYNOPSIS

    audit2why [options]  

    OPTIONS

    --help Print a short usage message
    -p <policyfile>
    Specify an alternate policy file.
     

    DESCRIPTION

    This utility processes SELinux audit messages from standard input and and reports which component of the policy caused each permission denial based on the specified policy file if the -p option was used or the active policy otherwise. There are three possible causes: 1) a missing or disabled TE allow rule, 2) a constraint violation, or 3) a missing role allow rule. In the first case, the TE allow rule may exist in the policy but may be disabled due to boolean settings. See booleans(8). If the allow rule is not present at all, it can be generated via audit2allow(1). In the second case, a constraint is being violated; see policy/constraints or policy/mls to identify the particular constraint. Typically, this can be resolved by adding a type attribute to the domain. In the third case, a role transition was attempted but no allow rule existed for the role pair. This can be resolved by adding an allow rule for the role pair to the policy.

     

    EXAMPLE

    $ /usr/sbin/audit2why < /var/log/audit/audit.log
    
    type=KERNEL msg=audit(1115316408.926:336418): avc:  denied  { getattr } for  path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
            Was caused by:
                    Missing or disabled TE allow rule.
                    Allow rules may exist but be disabled by boolean settings; check boolean settings.
                    You can see the necessary allow rules by running audit2allow with this audit message as input.
    
    type=KERNEL msg=audit(1115320071.648:606858): avc:  denied  { append } for  name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
            Was caused by:
                    Constraint violation.
                    Check policy/constraints.
                    Typically, you just need to add a type attribute to the domain to satisfy the constraint.
    

     

    AUTHOR

    This manual page was written by Dan Walsh <dwalsh@redhat.com>, audit2why utility was written by Stephen Smalley <sds@tycho.nsa.gov>.


     

    Index

    NAME
    SYNOPSIS
    OPTIONS
    DESCRIPTION
    EXAMPLE
    AUTHOR


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру