AVC report from command line
Dominick Grift
domg472 at gmail.com
Sat Jan 29 12:46:17 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/29/2011 01:42 PM, Dominick Grift wrote:
> On 01/29/2011 01:40 PM, vishesh kumar wrote:
>> I am new in SeLinux , can anyone guide me How to view AVC report from
>> command line in fedora. I am accessing my server through ssh and i
>> have no graphical interface to work with.
>
>
>
> ausearch -m avc -ts today -i
>
> man ausearch
>
> substitute today by recent, yesterday or actual time period
>
> also see man aureport
>
> avc denials go to /var/log/audit/audit.log
you can pipe avc denial lines into the input stream of the audit2why
command. that command gives an solution if there is any:
ausearch -m avc -ts today | audit2why
if you have setroubleshoot installed then it will send a message to
/var/log/messages (grep sealert /var/log/messages) these messages give
you a command /w url that you can run to view details
you may also want ot read:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1EDBkACgkQMlxVo39jgT/26QCeLcQfDXLp5gBSnb7+C/m6tq/D
8FQAnin/WrZMnHtn520K4U2dMwoKlnmm
=81zT
-----END PGP SIGNATURE-----
More information about the selinux
mailing list