avcs

Small wrapper around ausearch to make SELinux AVCs easier to read

Screenshot of the output the tool generates

Usage

All command line flags are passed through to ausearch, apart from --stdin. With this flag you can paste AVCs into the tool instead of having it fetch them via ausearch. If the AVCs come from ausearch, you'll need to run this as root, because reading the audit log requires it.

Examples

avcs.rb will analyze all AVCs in the audit log

avcs.rb -ts recent will analyze only recent AVCs

avcs.rb --stdin will read AVCs from STDIN until EOF and use those
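As an added illustration (this is not code from the avcs project), the following stand-alone Ruby script does the core of what such a wrapper needs to do: it parses raw AVC records, either from STDIN when given --stdin or from a constructed sample, and collapses them into one readable line per source type, target type and object class, merging the denied permissions. The sample records, field names and output format are this example's own assumptions.

```ruby
#!/usr/bin/env ruby
# Constructed AVC records (not real audit data), in the layout ausearch prints them.
SAMPLE_AVCS = <<~'AVC'
  type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
  type=AVC msg=audit(1700000000.124:457): avc:  denied  { write } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
  type=AVC msg=audit(1700000001.500:458): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
  type=SYSCALL msg=audit(1700000001.500:458): arch=c000003e syscall=42 success=no exit=-13
AVC

# Parse one audit line; returns nil for anything that is not an AVC record.
def parse_avc(line)
  m = line.match(/avc:\s+(?<decision>denied|granted)\s+\{\s*(?<perms>[^}]*?)\s*\}\s+for\s+(?<rest>.*)/)
  return nil unless m
  fields = {}
  m[:rest].scan(/(\w+)=("[^"]*"|\S+)/) { |k, v| fields[k] = v.delete('"') }
  {
    decision: m[:decision],
    perms: m[:perms].split,
    source_type: fields.fetch("scontext", "").split(":")[2], # e.g. httpd_t
    target_type: fields.fetch("tcontext", "").split(":")[2], # e.g. user_home_t
    tclass: fields["tclass"],
    comm: fields["comm"],
    target: fields["name"] || fields["path"] || fields["dest"],
    permissive: fields["permissive"] == "1", # logged but not enforced
  }
end

# Collapse many records into one line per (source type, target type, class, decision),
# merging the permissions so a reader sees the whole access pattern at once.
def summarize(text)
  groups = Hash.new { |h, k| h[k] = { perms: [], comms: [], targets: [], count: 0, permissive: false } }
  text.each_line do |line|
    avc = parse_avc(line) or next
    g = groups[[avc[:source_type], avc[:target_type], avc[:tclass], avc[:decision]]]
    g[:perms] |= avc[:perms]
    g[:comms] |= [avc[:comm]].compact
    g[:targets] |= [avc[:target]].compact
    g[:count] += 1
    g[:permissive] ||= avc[:permissive]
  end
  groups.map do |(src, tgt, cls, dec), g|
    mode = g[:permissive] ? "permissive, would be denied" : "enforcing"
    "#{g[:comms].join(',')} (#{src}) #{dec} #{g[:perms].join(',')} on #{cls} #{tgt} " \
      "[#{g[:targets].join(',')}] x#{g[:count]} (#{mode})"
  end
end

# Mirror the wrapper's --stdin flag; without it, analyze the constructed sample.
puts summarize(ARGV.include?("--stdin") ? $stdin.read : SAMPLE_AVCS) if __FILE__ == $0
```

Pipe `ausearch -m avc` output into it with --stdin to see real records grouped the same way.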

Run as container

If your system doesn't have Ruby, you can build a container with the provided Dockerfile, e.g.

podman build . -t avc

then run it

podman run --privileged -v /var/log/audit/:/var/log/audit avc -ts recent
