Chapter 6. Tools for Manipulating and Analyzing SELinux
Figure 6-5. seaudit Query policy Window
Full regular expression support is enabled for the Query policy window. The globbing expression
behavior used in the Modify view filtering is not available.
In the Query policy window, the policy.conf tab displays the currently active policy.conf from the
active policy. You need to have a policy file loaded in order to query the policy.
If you do not have the policy source installed or the file $SELINUX_SRC/policy.conf is not present,
you need to manually load a different policy file through File => Open policy. For example, you can
use the binary policy in $SELINUX_POLICY/policy.XY, or a binary or source policy file from
another system. However, if you use a binary policy, the policy.conf tab does not appear.
With the policy loaded into the policy.conf tab, your query results include a number in parentheses,
for example, (3577). These numbers are hyperlinks to the corresponding line number in the
policy.conf file. Clicking on the hyperlink takes you directly to the location in the policy.conf tab.
In the query fields, checking Include indirect matches ensures that you are searching by the source
and target values as well as any attributes that contain types identified by those same regular
expressions. Unchecking a set of fields, such as Target type regular expression, disables that set from
the query. This opens the query up to finding, for example, every connection from the source to every
target. To truly open the search, you can remove the Object class query field.
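The following added example (not code from this guide or from setools) sketches what Include indirect
matches does to a query and how each hit maps back to a policy.conf line number. It assumes a
simplified policy.conf syntax (type declarations with attribute lists, single-type allow rules); the
sample policy and the function names are constructed for illustration.

```python
import re

# Constructed policy.conf excerpt (sample data, not from a real policy).
SAMPLE_POLICY = """\
attribute domain;
attribute file_type;
type httpd_t, domain;
type named_t, domain;
type httpd_log_t, file_type;
type etc_t, file_type;
allow httpd_t httpd_log_t:file { append create };
allow domain etc_t:file { read getattr };
allow named_t file_type:dir search;
"""

TYPE_DECL = re.compile(r"^type\s+(\w+)((?:\s*,\s*\w+)*)\s*;")
ALLOW = re.compile(r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def load_attributes(policy_text):
    """Map each attribute name to the set of types declared with it."""
    members = {}
    for line in policy_text.splitlines():
        m = TYPE_DECL.match(line.strip())
        if m:
            for attr in re.findall(r"\w+", m.group(2)):
                members.setdefault(attr, set()).add(m.group(1))
    return members

def field_matches(name, regex, members, indirect):
    """Match a rule field directly, or through the types an attribute contains."""
    if regex is None or re.search(regex, name):  # None = field unchecked
        return True
    return indirect and any(re.search(regex, t) for t in members.get(name, ()))

def query_policy(policy_text, source=None, target=None, obj_class=None, indirect=True):
    """Return (line_number, rule) pairs for allow rules matching the query."""
    members = load_attributes(policy_text)
    hits = []
    for lineno, line in enumerate(policy_text.splitlines(), start=1):
        m = ALLOW.match(line.strip())
        if not m:
            continue
        src, tgt, cls, _perms = m.groups()
        if (field_matches(src, source, members, indirect)
                and field_matches(tgt, target, members, indirect)
                and (obj_class is None or re.search(obj_class, cls))):
            hits.append((lineno, line.strip()))
    return hits
```

With indirect matching off, a search for source `^httpd_t$` misses the rule granted through the
`domain` attribute, which is why an access can appear to have no allowing rule.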
6.2.3. Using seaudit-report to Generate Reports
The utility seaudit-report is useful for generating reports of SELinux-related log activity. The
command lets you specify the incoming log source, either from files or STDIN, and output to a file or
STDOUT as text or styled HTML. By piping through seaudit-report using STDIN and STDOUT,
you can use this utility to generate automatic reports that can be sent via email or posted on an
intranet page. The format is designed to be used by programs such as logwatch.
You can customize the reports generated by seaudit-report in two ways. Visual customization
is first done in the layout of the configuration file, which determines which reports are
nested where. This continues if you use HTML output. The cascading stylesheet (CSS) at
/usr/share/setools/seaudit-report.css can be used directly or modified to fit your needs.
Another customization is through the seaudit-report report configuration file at
/usr/share/setools/seaudit-report.conf. This file details how to enable and disable the
standard report fields, as well as how to include customized views that have been saved from
seaudit. Here is the default configuration XML:
Statistics">
Loads">
title="Enforcement mode toggles">