Linux command
audit2why command
Security
This command can significantly affect permissions or the system; verify the target before running it.
Common examples
- `sudo audit2why` (explain denial messages read from standard input)
- `sudo audit2why -i [path/to/audit.log]` (read audit events from a file instead of stdin)
- `sudo ausearch -m avc | audit2why` (explain all AVC denials found by ausearch)
- `sudo ausearch -m avc -c [service_name] | audit2why` (explain only the AVC denials for one command or service)
Description
audit2why translates SELinux denial messages from audit logs into human-readable explanations. It identifies the cause of each denial and often suggests solutions such as boolean toggles, policy modules, or file context corrections. The tool reads audit events from standard input or a specified file. It is typically used in conjunction with ausearch to filter and analyze specific types of denials.
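To make the description concrete, here is a small parser for the `type=AVC` records that audit2why consumes. It is an added example, not audit2why's own code: it extracts the source domain, target type, object class and permissions from each denial and groups them the way a policy tool would before suggesting a fix. It does not consult the loaded policy or booleans, which is the part audit2why does for you. The audit log lines are constructed for the example, not captured from a real system.

```python
"""Parse SELinux AVC denial records and summarize them (added example, not audit2why's code)."""
import re
from dataclasses import dataclass

# Constructed sample audit.log content (not from a real system). The first line is a
# SYSCALL record that must be ignored; the remaining three are AVC records.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:200): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000000.101:200): avc:  denied  { read } for  pid=4242 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:201): avc:  denied  { name_connect } for  pid=4242 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.103:202): avc:  denied  { write } for  pid=4242 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
"""

# Header of an AVC record: timestamp, serial, result, braced permission list, then key=value pairs.
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*) \} for\s+(?P<rest>.*)$'
)
# key=value pairs; values may be quoted (comm="httpd") or bare (tclass=file).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class AvcRecord:
    serial: int
    result: str
    perms: list
    fields: dict

    @property
    def source_type(self):
        # scontext looks like user:role:type:level; the type is the third field.
        return self.fields["scontext"].split(":")[2]

    @property
    def target_type(self):
        return self.fields["tcontext"].split(":")[2]

    @property
    def tclass(self):
        return self.fields["tclass"]

    @property
    def permissive(self):
        # permissive=1 means the access was logged but still allowed.
        return self.fields.get("permissive") == "1"


def parse_avc_records(text):
    """Return AvcRecord objects for every AVC line in the given audit log text."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue  # SYSCALL, PATH and other record types are not denials
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        records.append(AvcRecord(int(m.group("serial")), m.group("result"),
                                 m.group("perms").split(), fields))
    return records


def explain(rec):
    """One human-readable sentence per record, in the spirit of audit2why's output."""
    mode = ("logged only (permissive mode, operation allowed)" if rec.permissive
            else "enforced (operation blocked)")
    return (f"#{rec.serial}: {rec.fields.get('comm', '?')} running as {rec.source_type} "
            f"was {rec.result} {' '.join(rec.perms)} on a {rec.tclass} labelled "
            f"{rec.target_type}; {mode}")


def summarize(records):
    """Group denials by (source type, target type, class) with the union of permissions.

    This is the shape a policy tool works from before deciding whether a boolean,
    a policy module or a relabel is the right fix.
    """
    groups = {}
    for r in records:
        if r.result != "denied":
            continue
        key = (r.source_type, r.target_type, r.tclass)
        groups.setdefault(key, set()).update(r.perms)
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    recs = parse_avc_records(SAMPLE_AUDIT_LOG)
    for r in recs:
        print(explain(r))
    for (src, tgt, cls), perms in summarize(recs).items():
        print(f"{src} -> {tgt} ({cls}): {' '.join(perms)}")
```

Feed a real log to `parse_avc_records(open("/var/log/audit/audit.log").read())` to try it on your own denials; the grouped summary is the same information audit2why uses when it reports that a denial is covered by a boolean or needs a new policy module.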
Options
- -a, --all: Read input from both the audit log and the message log.
- -b, --boot: Read input from audit messages since the last boot.
- -d, --dmesg: Read input from the output of _dmesg_(1).
- -i _file_, --input _file_: Read audit events from the specified file instead of stdin.
- -l, --lastreload: Read only audit events generated after the last policy reload.
- -p _file_, --policy _file_: Use the given policy file for analysis instead of the active one.
- -w, --why: Show the reason for each denial (default behavior for audit2why).
- -v, --verbose: Enable verbose output.
FAQ
What is the audit2why command used for?
audit2why translates SELinux denial messages from audit logs into human-readable explanations. It identifies the cause of each denial and often suggests solutions such as boolean toggles, policy modules, or file context corrections. The tool reads audit events from standard input or a specified file. It is typically used in conjunction with ausearch to filter and analyze specific types of denials.
How do I run a basic audit2why example?
Run `sudo audit2why` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -a, --all do in audit2why?
Read input from both the audit log and the message log.