I made a script for extracting SELinux AVC errors from the messages files.

Brian Bober netdemonz at yahoo.com
Sun Apr 25 17:49:39 UTC 2004


I wrote a script that was very useful for me for logging AVC errors. It pulls
the AVC errors out of the messages.* files and puts them in a separate file. It
also allows you to log to the same file when you do a "fixfiles relabel". You
should probably clear the log file this creates before you update your policy,
because the errors when you reboot will be for the old policy. The other option
is to call it more often as a cron job. Anyone reviewing log files created by
this tool and sent in should probably disregard any messages that occur the
first time it is run after they update their policy.

* I recommend calling this from your rc.local:
    /root/avclog.sh extract

* You can call it from fixfiles like this:
    /root/avclog.sh message "fixfiles called with $1."



The script:

#!/bin/sh
# avclog.sh
#
# Script to log avc errors on SELinux box
#
# Copyright (C) 2004 Brian Bober
# Authors: Brian Bober <http://software.thenetdragon.net/>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

# Appends all avc errors from
# /var/log/messages* to /var/log/avc.log
# It also backs up the /var/log/messages* files and then clears
# the audit messages from them.
avc_file=/var/log/avc.log    # Where to log
run_date=`date`
run_kernel=`uname -r`
info_msg=$2

displayHeader() {
    printf "*****************************\n" >> "$avc_file"
    echo "Date: $run_date  |  Kernel: $run_kernel" >> "$avc_file"
    rpm -qa | grep policy >> "$avc_file"
    printf "*****************************\n\n" >> "$avc_file"
}

displayMessage() {
    # This command is just used to send a message to the log
    # file. Used by fixfiles.sh
    echo "$info_msg" >> "$avc_file"
    echo "Info message logged to $avc_file"
}

extractErrors() {
    # Run normally
    avc_errors=0                        # Set to 1 once any avc line is found
    echo "Parsing AVC audit errors from log files"
    # Use an unpredictable temp name instead of a fixed /tmp/msg.tmp:
    # this runs as root, and a fixed name in /tmp is open to a symlink
    # attack by any local user.
    tmp=`mktemp /tmp/avclog.XXXXXX` || exit 1
    for i in /var/log/message*
    do
        case "$i" in
            *.bak) continue ;;          # Skip the backups we make below
        esac
        echo "   $i"
        # Append the avc lines to the avc log; grep exits 0 only if it matched
        if grep -e "avc" "$i" >> "$avc_file"; then
            avc_errors=1
        fi
        # Remove avc lines. Keep a backup, then rewrite the log *in place*
        # (cat > "$i") instead of mv'ing a new file over it: syslogd keeps
        # the original inode open, so replacing the file would send every
        # later message to an unlinked inode until syslogd is restarted,
        # and would give the log the owner, mode and SELinux context of
        # the temp file. Lines syslogd appends between the grep and the
        # cat are still lost.
        cp -f "$i" "$i.bak"
        grep -v -e "avc" "$i" > "$tmp"
        # grep exits 1 when nothing is left, 2 on a real error (e.g. the
        # file was unreadable); only rewrite the log in the first two cases.
        if [ $? -le 1 ]; then
            cat "$tmp" > "$i"
        fi
    done
    rm -f "$tmp"
    echo "Parsing done."
    if [ "$avc_errors" = "1" ]; then
        echo "Audit errors (avc errors) were found."
        echo "They were logged to $avc_file."
    else
        echo "No errors found :-)" >> "$avc_file"
        echo "No audit errors (avc errors) found."
    fi
}

# See how we were called.
case "$1" in
    extract)
        displayHeader
        extractErrors
        ;;
    message)
        displayHeader
        displayMessage
        ;;
    *)
        echo "Usage: $0 {extract|message}"
        echo
        echo "This is a helper script. Don't call it directly."
        echo
        echo "extract      Moves avc errors from message logs to another log file."
        echo "message      Prints a message to the other log file (used by fixfiles)."
        exit 1
esac

printf "\n\n\n\n\n" >> "$avc_file"
exit 0





More information about the fedora-test-list mailing list
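The script in the post above only moves raw `avc` lines from one file to another; whoever reads avc.log still has to work out which denials are the same missing rule repeated. The following is an added example, not code from the post or from Fedora: it partitions a constructed /var/log/messages sample the same way the script's `grep avc` / `grep -v avc` pair does, parses each AVC line into its fields, and counts denials per (source type, target type, class, permission). The sample lines and the exact field layout (`avc:  denied  { perms } for  key=value ...` with `scontext=`, `tcontext=`, `tclass=`) are assumptions modelled on the 2.6-era kernel syslog format, not captured output.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages content (not real log data):
# three AVC denials in the syslog format the post's script greps for,
# mixed with ordinary syslog lines. The field layout is an assumption.
SAMPLE_MESSAGES = """\
Apr 25 10:00:01 box kernel: audit(1082887201.101:0): avc:  denied  { read } for  pid=2044 exe=/usr/sbin/httpd name=index.html dev=hda3 ino=98321 scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Apr 25 10:00:02 box sshd[1999]: Accepted publickey for root from 192.0.2.10 port 40122 ssh2
Apr 25 10:00:05 box kernel: audit(1082887205.220:0): avc:  denied  { read write } for  pid=2044 exe=/usr/sbin/httpd name=index.html dev=hda3 ino=98321 scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Apr 25 10:00:09 box kernel: audit(1082887209.004:0): avc:  denied  { name_bind } for  pid=2101 exe=/usr/bin/python scontext=user_u:user_r:user_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
Apr 25 10:00:10 box crond[2110]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "avc:  denied  { read write } for  pid=... scontext=... tclass=..."
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def split_avc_lines(text):
    """Return (avc_lines, other_lines): the partition the post's script
    makes with `grep avc` and `grep -v avc`. Matching on "avc:" rather
    than the bare substring avoids catching hostnames or paths that
    merely contain the letters avc."""
    avc, other = [], []
    for line in text.splitlines():
        (avc if "avc:" in line else other).append(line)
    return avc, other


def parse_avc(line):
    """Parse one AVC syslog line into a dict of its fields, or return
    None when the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    rec.update(KV_RE.findall(m.group("fields")))  # pid, exe, scontext, ...
    return rec


def summarize(text):
    """Count denials per (source type, target type, class, permission),
    so a reviewer sees each distinct missing rule once with a count
    instead of every repeated denial."""
    counts = Counter()
    avc_lines, _ = split_avc_lines(text)
    for line in avc_lines:
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        # Contexts are user:role:type; the type is what policy rules name.
        stype = rec["scontext"].split(":")[2]
        ttype = rec["tcontext"].split(":")[2]
        for perm in rec["perms"]:
            counts[(stype, ttype, rec["tclass"], perm)] += 1
    return counts


if __name__ == "__main__":
    for (s, t, cls, perm), n in sorted(summarize(SAMPLE_MESSAGES).items()):
        print(f"{n:3d}  {s} -> {t} : {cls} {{ {perm} }}")
```

Run against a real avc.log produced by the script, the summary is the list of `allow source target:class { perm }` candidates a reviewer has to decide on; the counts also make it obvious when a single denial is just being retried in a loop.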