Getting a nice SELinux audit report
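aureport prints summary reports from the audit log, including SELinux events. The reporting period is selected with a keyword such as today, this-week, this-month, etc. If the AVC row of the summary shows anything other than 0, run aureport again with the --avc -i options to look at those AVC events.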
$ aureport --start today
Summary Report
======================
Range of time in logs: 10/12/2007 10:09:05.572 - 10/24/2007 14:20:01.242
Selected time for report: 10/24/2007 00:00:01 - 10/24/2007 14:20:01.242
Number of changes in configuration: 0
Number of changes to accounts, groups, or roles: 0
Number of logins: 0
Number of failed logins: 0
Number of authentications: 1
Number of failed authentications: 0
Number of users: 1
Number of terminals: 2
Number of host names: 1
Number of executables: 3
Number of files: 0
Number of AVC's: 0
Number of MAC events: 0
Number of failed syscalls: 0
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 105
Number of events: 111
- Mike Chirico
- 08 Nov 2008, 11:31
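The check described above as a small shell wrapper, added here as an example and not part of the original tip: it reads the summary, lists the non-zero rows worth a look, and runs the --avc -i report only when the AVC count is above zero. The function names and the sample summary are constructed for illustration; aureport itself needs root to read the audit log.

```sh
#!/bin/sh
# Added example: triage an aureport summary, then drill into AVC events.
# Function names are hypothetical; the aureport options are those on this page.

# Constructed sample summary (not real log data), for trying the parsers offline.
SAMPLE_SUMMARY="Summary Report
======================
Range of time in logs: 10/12/2007 10:09:05.572 - 10/24/2007 14:20:01.242
Number of failed logins: 0
Number of authentications: 1
Number of AVC's: 3
Number of MAC events: 0
Number of anomaly events: 2
Number of events: 111"

# Print the value of one "Number of <label>: N" row from a summary on stdin.
# Exits non-zero if the row is missing, so a format change is not read as 0.
summary_count() {
    awk -F': *' -v want="Number of $1" '
        $1 == want { print $2 + 0; found = 1 }
        END { if (!found) exit 1 }'
}

# List the security-relevant rows whose counter is above zero.
nonzero_rows() {
    awk -F': *' '
        $1 ~ /^Number of (AVC.s|MAC events|failed logins|failed authentications|failed syscalls|anomaly events)$/ && $2 + 0 > 0 {
            print $1 ": " ($2 + 0)
        }'
}

# Summarise a period (default: today) and show AVC details only if any exist.
audit_triage() {
    period="${1:-today}"
    summary=$(aureport --start "$period") || return 1
    printf '%s\n' "$summary" | nonzero_rows
    avcs=$(printf '%s\n' "$summary" | summary_count "AVC's") || return 1
    if [ "$avcs" -gt 0 ]; then
        aureport --avc -i --start "$period"
    fi
}

# Usage (as root): audit_triage this-week
```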
