Chapter 6. Tools for Manipulating and Analyzing SELinux


81


Figure 6 5. seaudit Query policy Window


Full regular expression support is enabled for the Query policy window. The globbing expression


behavior used in the Modify view filtering is not available.


In the Query policy window, the policy.conf tab displays the currently active


policy.conf


from the


active policy. You need to have a policy file loaded in order to query the policy.


If you do not have the policy source installed or the file


$SELINUX_SRC/policy.conf


is not present,


you need to manually load a different policy file through File =


Open policy. For example, you can


X


use the binary policy in


$SELINUX_POLICY/policy. XY


, or a binary or source policy file from


Y


Z


another system. However, if you use a binary policy, the policy.conf tab does not appear.


With the policy loaded into the policy.conf tab, your query results include a number in parenthe 


sis, for example,


(3577)


. These numbers are hyperlinks to the corresponding line number in the


policy.conf


file. Clicking on the hyperlink takes you directly to the location in the policy.conf tab.


In the query fields, checking Include indirect matches ensures that you are searching by the source


and target values as well as any attributes that contain types identified by those same regular expres 


sions. Unchecking a set of fields, such as Target type regular expression, disables that set from the


query. This opens the query up to finding, for example, every connection from the source to every


target. To truly open the search, you can remove the Object class query field.


6.2.3. Using


seaudit report


to Generate Reports


The utility


seaudit report


is useful for generating reports of SELinux related log activity. The


command lets you specify the incoming log source, either from files or STDIN, and output to a file or


STDOUT as text or styled HTML. By piping through


seaudit report


using STDIN and STDOUT,


you can use this utility to generate automatic reports that can be sent via email or posted on an Intranet


page. The format is designed to be used by programs such as


logwatch


.


You can customize the reports generated by


seaudit report


in two ways. Visual customization


is first done in the layout of the configuration file, which determines which reports are


nested where. This continues if you use HTML output. The cascading stylesheet (CSS) at


/usr/share/setiils/seaudit report.css


can be used directly or modified to fit your needs.


Another


customization


is through


the


seaudit report


report configuration


file at


/usr/share/setools/seaudit report.conf


. This file details how to enable and disable the


standard report fields, as well as how to include customized views that have been saved from


seaudit. Here is the default configuration XML:




Statistics">


Loads">




title="Enforcement mode toggles">








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved