Chapter 6. Tools for Manipulating and Analyzing SELinux
Glob Type | Behavior
[!...] | When the ! opens the expression, it signifies a complement of the character or range that follows. This globbing pattern uses a list. Complementation is a mathematical term, and in this case means, "not the character or range that follows." For example, 1[!4-6]0 matches any combination from 110 to 190 except 150, that is, "not the number that is in the range of 4 to 6." The range is not inclusive, which means [!4-6] can only mean !5, and does not mean !4, !5, !6.
^ $ | The caret and the dollar sign signify that you want to anchor the search so that the string itself is searched for without anything before or after it. For example, ^httpd_suexec$ is searching for just httpd_suexec and not httpd_suexec_exec_t. To open up one end of the search, replace the ^ or $ with a different globbing mechanism.
Table 6-2. Globbing Expressions in seaudit
You can combine the globbing expressions for increased capability. For example, h[a-z]*ly finds
patterns such as hzfooly, hazily, hardly, hardily, and so forth.
All of these search functions are described in additional detail with examples in the seaudit
help documentation. This is viewable through Help => Help, which opens the file from
/usr/share/doc/setools-<version>/seaudit_help.txt.
You can open multiple views into the same log by opening additional tabs. View => New creates a
new view of the log in a different tab, and you can sort and filter this log. This helps when you are
sorting through complex denials trying to find root causes.
Back in the main audit log view window, you can get more information on each individual log entry.
By double-clicking on the entry, or right-clicking and choosing View Entire Message, the individual
log entry is opened in a pop-up window. You can also get to this view through View => View Entire
Message, which displays the selected message. If more than one message is selected, the top one is
displayed.
There are two additional right-click commands. Query Policy Using Message opens a Query Policy
window with the search parameters populated with details from that single message. This is explained
in Section 6.2.2 Searching and Querying in seaudit. The last right-click menu option is Export
Message to File, which lets you save a log file containing the single message.
6.2.2. Searching and Querying in seaudit
A more complex method of analyzing your audit messages is to look for pertinent rules in the policy.
You can use the elements of the denial message in the queries. The query tool in seaudit is similar to
the TE rules query capability in apol. This is helpful for conducting SELinux work involving log and
policy analysis.
Clicking on Query policy or Search => Query policy opens the Query Policy window. If you have
a log highlighted, the fields are pre-filled with the log entry details.
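As an added example (not from this guide or from the setools code), the following Python pulls out of AVC denial lines the elements a TE rules query is built from: source type, target type, object class, and permissions. The log lines are constructed, and the dictionary keys and their mapping to the Query Policy fields are assumptions.

```python
import re

# Constructed sample lines in the AVC denial format written to the audit log;
# the processes, paths and types are illustrative and not taken from the guide.
SAMPLE_LOG = """\
audit(1095962437.250:0): avc:  denied  { getattr } for  pid=2216 exe=/usr/sbin/httpd path=/var/www/html/index.html dev=hda2 ino=49167 scontext=root:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
type=AVC msg=audit(1364481363.243:24): avc:  denied  { read write } for  pid=3021 comm="httpd" name="app.sock" dev="dm-0" ino=3957 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1364481363.243:24): arch=c000003e syscall=42 success=no
"""

# Permissions sit between braces; the contexts and class are key=value pairs.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError("not a security context: %r" % context)
    return fields[2]

def query_fields(line):
    """Map one denial to TE rule query fields, or None if it is not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return {
        "source_type": context_type(m.group("scontext")),
        "target_type": context_type(m.group("tcontext")),
        "object_class": m.group("tclass"),
        "permissions": m.group("perms").split(),
    }

def queries_from_log(text):
    """Collect the query fields for every denial found in a log."""
    return [q for q in map(query_fields, text.splitlines()) if q]

if __name__ == "__main__":
    for q in queries_from_log(SAMPLE_LOG):
        print(q)
```

The type is always the third colon-separated field, so contexts with and without a trailing MLS level are handled the same way.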





