Project

General

Profile

Actions

action #120070

closed

Upload and check the content of audit.log

Added by mloviska about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
Start date:
2022-11-08
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Expand journal_check.pm to handle audit.log content. Currently, SELinux runs in permissive mode, meaning it logs denials but does not act upon them.

Search for AVC denials in /var/log/audit/audit.log.

Actions

Also available in: Atom PDF