Selinux Alerts

[Moray Henderson]

tony at specialistdevelopment.com wrote:
>Hi guys,
>
>Im getting selinux alerts logged to audit.log, is there anyway to
>parse the alerts via the command line to get human readable alerts?
>
>I have read that you can install setroubleshoot, but installs a huge
>list of dependencies for use with the gui, but i dont have a gui
>installed.
>
>Any ideas?
>
>Tony

As well as audit2allow(1) and audit2why(8), there are the aureport(8)
and ausearch(8) programs; they have a huge number of options, so take
time to study the man pages, but "aureport --avc" will list all the
selinux denials.


Moray.
"To err is human; to purr, feline."