mirror of
https://github.com/tldr-pages/tldr.git
synced 2025-04-22 22:22:18 +02:00
2fafd6afb3
* audit2allow: add page * audit2allow: fix man page link * audit2allow: add a caution note and separate the install example --------- Co-authored-by: Wiktor Perskawiec <git@spageektti.cc>
21 lines
801 B
Markdown
21 lines
801 B
Markdown
# audit2allow
|
|
|
|
> Create an SELinux local policy module to allow rules based on denied operations found in logs.
|
|
> Note: Use audit2allow with caution—always review the generated policy before applying it, as it may allow excessive access.
|
|
> More information: <https://manned.org/audit2allow>.
|
|
|
|
- Generate a local policy to allow access for all denied services:
|
|
|
|
`sudo audit2allow --all -M {{local_policy_name}}`
|
|
|
|
- Generate a local policy module to grant access to a specific process/service/command from the audit logs:
|
|
|
|
`sudo grep {{apache2}} /var/log/audit/audit.log | sudo audit2allow -M {{local_policy_name}}`
|
|
|
|
- Inspect and review the Type Enforcement (.te) file for a local policy:
|
|
|
|
`vim {{local_policy_name}}.te`
|
|
|
|
- Install a local policy module:
|
|
|
|
`sudo semodule -i {{local_policy_name}}.pp`
|