SELinux tips and hacks

Bash functions to manipulate SELinux policy

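# chkaudit - print the allow rules audit2allow would derive from the audit log.
#
# Read-only: nothing is compiled or loaded. Runs only when SELinux is in
# Enforcing mode, as the original did.
#
# Globals:   EUID (read), AUDIT_LOG (read, optional override of the log path)
# Outputs:   audit2allow's suggested rules on stdout; diagnostics on stderr
# Returns:   0 on success or when SELinux is not enforcing, non-zero on error
function chkaudit {
  local getenforce_bin a2a_bin mode
  # Use the auditd log path directly instead of `locate audit.log`: locate
  # matches any file with that name anywhere on the filesystem (possibly
  # several, possibly one written by an unprivileged user, possibly stale),
  # and this function feeds the result to a policy tool as root.
  # Set AUDIT_LOG if auditd.conf configures a different log_file.
  local audit_log="${AUDIT_LOG:-/var/log/audit/audit.log}"

  # EUID is maintained by bash itself. $USER is ordinary environment data:
  # it is not proof of privilege, and it stays at the invoking user's name
  # after a plain `su`, which made the old combined check reject real root.
  if [[ "$EUID" -ne 0 ]]; then
    echo "chkaudit must be run as root." >&2
    return 1
  fi

  if ! getenforce_bin="$(command -v getenforce)"; then
    echo "chkaudit: getenforce not found; are the SELinux tools installed?" >&2
    return 1
  fi

  mode="$("$getenforce_bin")" || return 1
  if [[ "$mode" != "Enforcing" ]]; then
    echo "chkaudit: SELinux mode is '$mode', not Enforcing; nothing to do." >&2
    return 0
  fi

  if ! a2a_bin="$(command -v audit2allow)"; then
    echo "chkaudit: audit2allow not found." >&2
    return 1
  fi

  if [[ ! -f "$audit_log" || ! -r "$audit_log" ]]; then
    echo "chkaudit: cannot read audit log '$audit_log'." >&2
    return 1
  fi

  echo "Checking $audit_log for violations..."
  # The output is a suggestion only: each rule mirrors a logged denial and
  # should be read critically rather than assumed to be safe to allow.
  "$a2a_bin" < "$audit_log"
}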

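# mkpolicy - build a local policy module from the denials in the audit log.
#
# Runs `audit2allow -M local`, which writes local.te (source) and local.pp
# (compiled module) into the current directory. The module is NOT loaded
# here. audit2allow turns every logged denial into an allow rule, including
# denials that were SELinux correctly blocking something, so read local.te
# and trim it before loading the module with `semodule -i local.pp`.
#
# Globals:   EUID (read), AUDIT_LOG (read, optional override of the log path)
# Outputs:   progress on stdout; diagnostics on stderr; local.te / local.pp
# Returns:   0 on success or when SELinux is not enforcing, non-zero on error
function mkpolicy {
  local getenforce_bin a2a_bin mode
  # Use the auditd log path directly instead of `locate audit.log`: locate
  # matches any file with that name anywhere on the filesystem (possibly
  # several, possibly one written by an unprivileged user, possibly stale).
  # Policy generated as root must come only from the auditd-owned log.
  # Set AUDIT_LOG if auditd.conf configures a different log_file.
  local audit_log="${AUDIT_LOG:-/var/log/audit/audit.log}"

  # EUID is maintained by bash itself. $USER is ordinary environment data:
  # it is not proof of privilege, and it stays at the invoking user's name
  # after a plain `su`, which made the old combined check reject real root.
  if [[ "$EUID" -ne 0 ]]; then
    echo "mkpolicy must be run as root." >&2
    return 1
  fi

  if ! getenforce_bin="$(command -v getenforce)"; then
    echo "mkpolicy: getenforce not found; are the SELinux tools installed?" >&2
    return 1
  fi

  mode="$("$getenforce_bin")" || return 1
  if [[ "$mode" != "Enforcing" ]]; then
    echo "mkpolicy: SELinux mode is '$mode', not Enforcing; nothing to do." >&2
    return 0
  fi

  if ! a2a_bin="$(command -v audit2allow)"; then
    echo "mkpolicy: audit2allow not found." >&2
    return 1
  fi

  if [[ ! -f "$audit_log" || ! -r "$audit_log" ]]; then
    echo "mkpolicy: cannot read audit log '$audit_log'." >&2
    return 1
  fi

  echo "Updating SELinux policy..."
  "$a2a_bin" -M local < "$audit_log"
}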
selinux/tips.txt · Last modified: 2010/01/30 13:25 by a
CC Attribution-Share Alike 4.0 International