
Re: Writing a program to monitor the SELinux log



Hi Jason,

I believe you actually gave the answer yourself.

SETroubleShoot tends to achieve exactly what you want, with much less effort if you program in Python;

you can add your plugins.

The raw processing approach requires more effort to achieve what SETroubleShoot already established.

Which one is "better" actually depends on what you want to achieve, your deadline and the programming/scripting language that you want to work with.

Sincerely,

Patrick K.

On 10/11/2011 11:07 PM, Jason Axelson wrote:
Hi,

I am writing a program that will monitor the SELinux log for AVC violations
and deal with them appropriately. Currently I am looking at approaches to
monitor the SELinux log.

One approach is to do raw monitoring of /var/log/audit/audit.log with
something like:
     tail -f /var/log/audit/audit.log | ausearch -m avc

A second approach may be to implement an SETroubleShoot plugin:
https://fedorahosted.org/setroubleshoot/wiki/SETroubleShoot%20Overview

I'm kind of leaning towards an SETroubleShoot plugin since it seems like less
new development and the infrastructure seems to be already there.

Is this a valid approach? Is there a better way?

Thanks,
Jason

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
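The first approach in the quoted message (following audit.log and picking out AVC records, as `tail -f ... | ausearch -m avc` does) as an added Python example. It is not code from this thread, from setroubleshoot or from the audit tooling; it assumes the usual `type=AVC msg=audit(ts:serial): avc: denied { perms } for key=value ...` record layout of /var/log/audit/audit.log, and the sample lines embedded below are constructed for illustration.

```python
import os
import re
import time
from typing import Dict, Iterator, List, Optional, Tuple

# Fixed prefix of an AVC record; the key=value tail is parsed separately.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$'
)
# key=value pairs: values are either quoted (comm="httpd") or bare (pid=1234).
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Parse one audit.log line; return None unless it is an AVC record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec: Dict[str, object] = {
        "timestamp": m.group("ts"),
        "serial": m.group("serial"),
        "verdict": m.group("verdict"),
        "perms": m.group("perms").split(),   # e.g. ["read", "open"]
    }
    for key, raw, quoted in KV_RE.findall(m.group("rest")):
        rec[key] = quoted if raw.startswith('"') else raw
    return rec


def summarize_denials(lines: List[str]) -> Dict[Tuple[str, str, str], int]:
    """Count denials by (source context, target context, object class)."""
    counts: Dict[Tuple[str, str, str], int] = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied":
            continue
        key = (str(rec.get("scontext", "?")),
               str(rec.get("tcontext", "?")),
               str(rec.get("tclass", "?")))
        counts[key] = counts.get(key, 0) + 1
    return counts


def follow(path: str, poll_seconds: float = 0.5) -> Iterator[str]:
    """Yield lines appended to path, like `tail -f`, starting at the current end.

    auditd rotates audit.log; when the inode behind the path changes, reopen
    so the monitor does not keep reading the rotated-away file.
    """
    fh = open(path, "r", encoding="utf-8", errors="replace")
    fh.seek(0, os.SEEK_END)
    try:
        while True:
            line = fh.readline()
            if line:
                yield line
                continue
            try:
                if os.stat(path).st_ino != os.fstat(fh.fileno()).st_ino:
                    fh.close()
                    fh = open(path, "r", encoding="utf-8", errors="replace")
                    continue
            except FileNotFoundError:
                pass  # mid-rotation; try again on the next poll
            time.sleep(poll_seconds)
    finally:
        fh.close()


# Constructed sample records (not taken from any real system).
SAMPLE_LINES = [
    'type=AVC msg=audit(1318381620.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" '
    'name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1318381620.123:456): arch=c000003e syscall=2 success=no exit=-13',
    'type=AVC msg=audit(1318381621.555:457): avc:  granted  { setenforce } for  pid=2000 '
    'comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0 '
    'tcontext=system_u:object_r:security_t:s0 tclass=security',
    'type=AVC msg=audit(1318381622.000:458): avc:  denied  { write } for  pid=1234 comm="httpd" '
    'name="upload" dev=sda1 ino=555 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir',
]


if __name__ == "__main__":
    # Live mode: needs read access to the audit log (normally root).
    for raw_line in follow("/var/log/audit/audit.log"):
        rec = parse_avc(raw_line)
        if rec and rec["verdict"] == "denied":
            print(rec["serial"], rec.get("comm"), rec["perms"],
                  rec.get("scontext"), "->", rec.get("tcontext"), rec.get("tclass"))
```

Run stand-alone it behaves like the `tail -f` pipeline from the message but yields parsed dictionaries, which is the piece a "deal with them appropriately" step can act on. Two things this approach has to carry itself that setroubleshoot already handles: a single denial usually spans several records sharing one `msg=audit(ts:serial)` key (the SYSCALL line above belongs to the AVC line before it), so correlating on `serial` is needed for full context, and a plain `tail` loses data across log rotation unless the file is reopened as `follow()` does.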


