mirror of https://github.com/tldr-pages/tldr.git synced 2025-04-22 17:22:10 +02:00

Stanley Chinedu Ogada 2fafd6afb3

* audit2allow: add page

* audit2allow: fix man page link

* audit2allow: add a caution note and separate the install example

---------

Co-authored-by: Wiktor Perskawiec <git@spageektti.cc>

2024-09-08 14:57:12 +02:00

801 B

Raw Blame History

audit2allow

Create an SELinux local policy module to allow rules based on denied operations found in logs. Note: Use audit2allow with caution—always review the generated policy before applying it, as it may allow excessive access. More information: https://manned.org/audit2allow.

Generate a local policy to allow access for all denied services:

sudo audit2allow --all -M {{local_policy_name}}

Generate a local policy module to grant access to a specific process/service/command from the audit logs:

sudo grep {{apache2}} /var/log/audit/audit.log | sudo audit2allow -M {{local_policy_name}}

Inspect and review the Type Enforcement (.te) file for a local policy:

vim {{local_policy_name}}.te

Install a local policy module:

sudo semodule -i {{local_policy_name}}.pp

801 B Raw Blame History

audit2allow

801 B

Raw Blame History