AUDIT2WHY(8)                          NSA                         AUDIT2WHY(8)



NAME
       audit2why  - Translates SELinux audit messages into a description of why the access
       was denied

SYNOPSIS
       audit2why [options]

OPTIONS
       --help Print a short usage message

       -p <policyfile>
              Specify an alternate policy file.

DESCRIPTION
       This utility processes SELinux audit messages from standard input and reports
       which component of the policy caused each permission denial, based on the
       specified policy file if the -p option was used or the active policy otherwise.
       There are three possible causes: 1) a missing or disabled TE allow rule, 2) a
       constraint violation, or 3) a missing role allow rule.  In the first case, the
       TE allow rule may exist in the policy but may be disabled due to boolean
       settings.  See booleans(8).  If the allow rule is not present at all, it can be
       generated via audit2allow(1).  In the second case, a constraint is being
       violated; see policy/constraints or policy/mls to identify the particular
       constraint.  Typically, this can be resolved by adding a type attribute to the
       domain.  In the third case, a role transition was attempted but no allow rule
       existed for the role pair.  This can be resolved by adding an allow rule for the
       role pair to the policy.


EXAMPLE
       $ /usr/sbin/audit2why < /var/log/audit/audit.log

       type=KERNEL msg=audit(1115316408.926:336418): avc:  denied  { getattr } for  path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
               Was caused by:
                       Missing or disabled TE allow rule.
                       Allow rules may exist but be disabled by boolean settings; check boolean settings.
                       You can see the necessary allow rules by running audit2allow with this audit message as input.

       type=KERNEL msg=audit(1115320071.648:606858): avc:  denied  { append } for  name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
               Was caused by:
                       Constraint violation.
                       Check policy/constraints.
                       Typically, you just need to add a type attribute to the domain to satisfy the constraint.
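
       The three causes call for different fixes, so it helps to group audit2why
       output by cause before changing policy. The Python script below is an added
       example, not part of this manual page or of the audit2why utility; it assumes
       output in the format shown above (the embedded sample is constructed from the
       two records in this section) and counts denials per cause, source type,
       target type and object class.

```python
import re
from collections import Counter

# Constructed sample: the two records from the EXAMPLE section of this page.
SAMPLE = """\
type=KERNEL msg=audit(1115316408.926:336418): avc:  denied  { getattr } for  path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
        Was caused by:
                Missing or disabled TE allow rule.

type=KERNEL msg=audit(1115320071.648:606858): avc:  denied  { append } for  name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
        Was caused by:
                Constraint violation.
"""

AVC = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
                 r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)")

def se_type(context):
    # A context is user:role:type[:mls-range]; the type is always the third field.
    return context.split(":")[2]

def parse(text):
    """Yield one dict per denial that is followed by a 'Was caused by:' block."""
    record, want_cause = None, False
    for line in text.splitlines():
        m = AVC.search(line)
        if m:
            record = {"source": se_type(m["scon"]), "target": se_type(m["tcon"]),
                      "tclass": m["tclass"], "perms": tuple(m["perms"].split()),
                      "cause": None}
            want_cause = False
        elif record and line.strip() == "Was caused by:":
            want_cause = True
        elif record and want_cause and line.strip():
            record["cause"] = line.strip().rstrip(".")  # first line names the cause
            yield record
            record, want_cause = None, False

def summarize(text):
    """Count denials per (cause, source type, target type, object class)."""
    return Counter((r["cause"], r["source"], r["target"], r["tclass"])
                   for r in parse(text))

if __name__ == "__main__":
    import sys
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for key, n in summarize(text).most_common():
        print(n, *key, sep="\t")
```

       Pipe audit2why output into the script to summarize a real log; run with no
       input on a terminal, it summarizes the embedded sample.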


AUTHOR
       This  manual  page  was written by Dan Walsh <dwalsh AT redhat.com>, audit2why utility
       was written by Stephen Smalley <sds AT tycho.gov>.



Security Enhanced Linux            May 2005                       AUDIT2WHY(8)
