[SCRIPT] avctree 1.0.4
Lee Kok Seng
kokseng at ieee.org
Fri May 18 09:09:55 UTC 2007
On 18 May 2007, at 7:35 AM, Rahul Sundaram wrote:
> Lee Kok Seng wrote:
>> Hello,
>> Here is version 1.0.4 of the script previously posted.
>> a. Added regular expression (perl) to select messages to display
>> e.g avctree --re="context=~/java/" will show any avc
>> message that has 'java' in
>> scontext *or* tcontext.
>> e.g avctree --re="*=~/initrc/" will show any avc messages
>> that has 'su' anywhere.
>> b. Added message selection based on age of message
>> e.g avctree --age 3h will show avc messages not older than 3
>> hours from when you run the script.
>> c. Added 'unique' format of print
>> e.g avctree --uniq will show avc messages that are unique
>> once, i.e. scontext, tcontext, comm,
>> name, dev, ino, key all match up (except time tag, audit tag,
>> pid ... so, use with this in mind)
>> Try this: avctree --uniq --age 1d
>> /ks
>
> How about submitting and maintaining this as a package in Fedora?
>
> http://fedoraproject.org/wiki/PackageMaintainers/Join
>
> Rahul
>
No issue with me, but this is a simple script, does it warrant being
a package?
Let me understand more what kind of work it takes to going down that
path.
More information about the selinux
mailing list