FAQ Search Today's Posts Mark Forums Read

» Linux Archive
Home
New Posts
Search
FAQ


Go Back   Linux Archive > Redhat > Fedora SELinux Support
Reload this Page audit2allow -M local < /tmp/avcs ?

 
 
LinkBack Thread Tools
 
Old 07-07-2008, 10:02 AM
Frank Murphy
 
Default audit2allow -M local < /tmp/avcs ?
[root@frank-01 ~]# audit2allow -M local < /tmp/avcs
-bash: /tmp/avcs: No such file or directory


Where to go next.

The logs are mailed to "root@localhost" by exim.

What and where need to be allowed.

Have already done a /sbin/fixfiles relabel. (mislabelled stuff)

To allow for future logs?

Frank

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-07-2008, 10:08 AM
drago01
 
Default audit2allow -M local < /tmp/avcs ?
On Mon, Jul 7, 2008 at 11:02 AM, Frank Murphy <frankly3d@gmail.com> wrote:
> [root@frank-01 ~]# audit2allow -M local < /tmp/avcs
> -bash: /tmp/avcs: No such file or directory
>
>
> Where to go next.
>
> The logs are mailed to "root@localhost" by exim.
>
> What and where need to be allowed.
>
> Have already done a /sbin/fixfiles relabel. (mislabelled stuff)
>
> To allow for future logs?

/tmp/avcs ??
The logs are either in /var/log/audit.log (if audit is running)
otherwise in syslog (in this case passing -D to audit2allow will use
them)

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-07-2008, 10:13 AM
Frank Murphy
 
Default audit2allow -M local < /tmp/avcs ?
On Mon, 2008-07-07 at 11:08 +0200, drago01 wrote:
> On Mon, Jul 7, 2008 at 11:02 AM, Frank Murphy <frankly3d@gmail.com> wrote:
> > [root@frank-01 ~]# audit2allow -M local < /tmp/avcs
> > -bash: /tmp/avcs: No such file or directory
> >
> >
> > Where to go next.
> >
> > The logs are mailed to "root@localhost" by exim.
> >
> > What and where need to be allowed.
> >
> > Have already done a /sbin/fixfiles relabel. (mislabelled stuff)
> >
> > To allow for future logs?
>
> /tmp/avcs ??

I took that verbatim from faq, rather new to this selinux thingey.

> The logs are either in /var/log/audit.log (if audit is running)
> otherwise in syslog (in this case passing -D to audit2allow will use
> them)

audit2allow /var/log/audit/audit.log?


Frank

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-07-2008, 10:27 AM
drago01
 
Default audit2allow -M local < /tmp/avcs ?
On Mon, Jul 7, 2008 at 11:13 AM, Frank Murphy <frankly3d@gmail.com> wrote:
> On Mon, 2008-07-07 at 11:08 +0200, drago01 wrote:
>> On Mon, Jul 7, 2008 at 11:02 AM, Frank Murphy <frankly3d@gmail.com> wrote:
>> > [root@frank-01 ~]# audit2allow -M local < /tmp/avcs
>> > -bash: /tmp/avcs: No such file or directory
>> >
>> >
>> > Where to go next.
>> >
>> > The logs are mailed to "root@localhost" by exim.
>> >
>> > What and where need to be allowed.
>> >
>> > Have already done a /sbin/fixfiles relabel. (mislabelled stuff)
>> >
>> > To allow for future logs?
>>
>> /tmp/avcs ??
>
> I took that verbatim from faq, rather new to this selinux thingey.
>
>> The logs are either in /var/log/audit.log (if audit is running)
>> otherwise in syslog (in this case passing -D to audit2allow will use
>> them)
>
> audit2allow /var/log/audit/audit.log?

yes just use this file instead of /tmp/avcs
audit2allow -M local < /your/log/file

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-08-2008, 07:42 AM
Frank Murphy
 
Default audit2allow -M local < /tmp/avcs ?
On Mon, 2008-07-07 at 11:27 +0200, drago01 wrote:

> >> The logs are either in /var/log/audit.log (if audit is running)
> >> otherwise in syslog (in this case passing -D to audit2allow will use
> >> them)
> >
> > audit2allow /var/log/audit/audit.log?
>
> yes just use this file instead of /tmp/avcs
> audit2allow -M local < /your/log/file

How long mush one give to the command?
I cleared the log, waited for two avc alerts.
ran: [root@frank-03 ~]# audit2allow -M local /var/log/audit/audit.log

It's been an hour so far.

Frank

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-08-2008, 09:37 AM
Paul Howarth
 
Default audit2allow -M local < /tmp/avcs ?
Frank Murphy wrote:

On Mon, 2008-07-07 at 11:27 +0200, drago01 wrote:


The logs are either in /var/log/audit.log (if audit is running)
otherwise in syslog (in this case passing -D to audit2allow will use
them)

audit2allow /var/log/audit/audit.log?

yes just use this file instead of /tmp/avcs
audit2allow -M local < /your/log/file


How long mush one give to the command?
I cleared the log, waited for two avc alerts.
ran: [root@frank-03 ~]# audit2allow -M local /var/log/audit/audit.log

It's been an hour so far.


What you typed isn't what was suggested. You missed the "<".

It's waiting for the end of file on stdin, which is your terminal.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-08-2008, 09:48 AM
Frank Murphy
 
Default audit2allow -M local < /tmp/avcs ?
On Tue, 2008-07-08 at 09:37 +0100, Paul Howarth wrote:
> Frank Murphy wrote:

> >> audit2allow -M local < /your/log/file
> >

> > ran: [root@frank-03 ~]# audit2allow -M local /var/log/audit/audit.log
> >
> > It's been an hour so far.
>
> What you typed isn't what was suggested. You missed the "<".
>
> It's waiting for the end of file on stdin, which is your terminal.
>
> Paul.

Good job the eye test is tomorrow
;(

Frank

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 07:21 AM.

VBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -