Bash script problem [OT]

Arthur Dent selinux.list at troodos.demon.co.uk
Sat Mar 8 09:22:42 UTC 2008


Hello all,

I run my F8 SELinux machine headless, and administer it through ssh.
This means I don't easily have many of the graphical tools available to
help.

During the early stages of my transition to "enforcing" mode I want to
keep a close eye on denials but of course I don't have the wonderful
sealert graphical troubleshooter popping up each time something happens.

So I have written this little script to check the logs using a cron job
every ten minutes. (NB I'm no expert in bash scripting - that much
should be obvious!)

The script itself works just fine when run from the command line as
root. When run from cron however (still as root), no matter what denials
there have been, ausearch *always* returns "<no matches>". I have tried
this by putting the ausearch command on a line of its own, and even with
the command ausearch -m AVC -ts yesterday (when there *were* denials) it
returns "<no matches>" where running the exact same command from the
command line produces the correct output.

I have no idea why this doesn't work - environment variables perhaps?

Any bash script gurus out there?

Thanks

Mark

=====8<===============================================================
#!/bin/bash

# selinux_avc_check.sh

# This script uses the "ausearch" tool, which reads the audit daemon's
# /var/log/audit/audit.log file (where SELinux AVC records are written).

# The "-m AVC" means search for AVC (denial) records.
# The "-ts recent" means in the last 10 minutes.

# If there are no AVC denials it will report "<no matches>"
# and all will be well.
# If there is any other output (i.e. there has been a denial) it
# will send an email to root containing that output.

# It is designed to be run as a cron job every 10 mins
# */10 * * * * /root/scripts/selinux_avc_check.sh

# Capture stdout and stderr together: "<no matches>" is written to
# stderr, so both streams are needed for the check below.
output=$(/sbin/ausearch -m AVC -ts recent 2>&1)

if printf '%s\n' "$output" | grep -q '<no matches>'
then
	# Nothing to report; exit cleanly so cron does not record a failed run.
	exit 0
else
	# Mail the matching records themselves rather than just a notice.
	printf '%s\n' "$output" | mail -s "SELinux AVC Denial!" root
fi

=====8<===============================================================
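As an added example, not part of Mark's post and not a claim about why ausearch behaves differently under cron: the same "anything denied in the last N minutes?" check done on the raw log without ausearch's keyword time parsing. Every audit.log record carries an epoch timestamp in the form msg=audit(EPOCH.SERIAL:ID), so a cutoff computed with date +%s selects recent AVC records directly. The sample records are constructed (hypothetical pids, paths and contexts), and the function names are this example's own.

```shell
#!/bin/bash
# Added example: select and summarise SELinux AVC denials from audit.log
# records by their embedded epoch timestamp. Not from the original post.

# Constructed sample audit.log content (hypothetical values), used for the
# demo at the bottom and so the functions can be exercised offline.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1204966800.123:45): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=sda1 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1204966800.123:45): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1204967100.456:46): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=USER_AVC msg=audit(1204967200.789:47): pid=1 uid=0 msg=received policyload notice
type=AVC msg=audit(1204960000.000:40): avc:  denied  { write } for  pid=999 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'

# avc_since CUTOFF_EPOCH [FILE]
# Print the type=AVC records whose timestamp is >= CUTOFF_EPOCH.
# Reads FILE if given, otherwise stdin. USER_AVC and SYSCALL lines are
# skipped: only kernel AVC records are wanted here.
avc_since() {
    awk -v cutoff="$1" '
        $1 == "type=AVC" {
            # $2 looks like msg=audit(1204966800.123:45): - take the
            # integer seconds between "audit(" and the decimal point.
            if (match($2, /audit\([0-9]+/)) {
                ts = substr($2, RSTART + 6, RLENGTH - 6) + 0
                if (ts >= cutoff) print
            }
        }' ${2:+"$2"}
}

# avc_count_since CUTOFF_EPOCH [FILE]: number of matching records.
avc_count_since() {
    avc_since "$1" ${2:+"$2"} | wc -l | tr -d ' '
}

# avc_summary: stdin = AVC records; one line each:
#   <comm> denied <first permission> on <tclass> (<source type> -> <target type>)
# Only the first permission inside "{ ... }" is shown.
avc_summary() {
    awk '$1 == "type=AVC" {
        perm = ""; comm = ""; s = ""; t = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") perm = $(i + 1)
            else if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
            else if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); s = a[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); t = a[3] }
            else if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        printf "%s denied %s on %s (%s -> %s)\n", comm, perm, cls, s, t
    }'
}

# report_recent_denials WINDOW_SECONDS [FILE]
# Print a summary of denials from the last WINDOW_SECONDS of FILE
# (default /var/log/audit/audit.log). Returns 1 if there were any, 0 if
# none, so a cron line can mail only on denials, e.g.
#   report_recent_denials 600 || printf '%s\n' "$summary" | mail -s "SELinux AVC Denial!" root
report_recent_denials() {
    file="${2:-/var/log/audit/audit.log}"
    cutoff=$(( $(date +%s) - $1 ))
    summary=$(avc_since "$cutoff" "$file" | avc_summary)
    [ -n "$summary" ] || return 0
    printf '%s\n' "$summary"
    return 1
}

# Stand-alone demo over the constructed sample, with a cutoff that falls
# inside the sample's time range (excludes the older record :40).
printf '%s\n' "$SAMPLE_AUDIT_LOG" | avc_since 1204966000 | avc_summary
```

The awk filter needs no locale or timezone information, which is the property that matters when a job runs under cron's sparse environment; the trade-off against ausearch is that it does not join the SYSCALL record for the same event id, so details such as the syscall name are not in the summary.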



More information about the fedora-selinux-list mailing list