Linux command
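sealert command
Security
This command needs elevated privileges or can significantly affect the system; verify the target before running it.
Common examples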
Analyze
sudo sealert -a /var/log/audit/audit.log
Lookup
sudo sealert -l alert_id
Launch the alert browser
sudo sealert -b
Analyze with HTML output
sudo sealert -a /var/log/audit/audit.log -H
Description
sealert analyzes and explains SELinux AVC (Access Vector Cache) denial messages. It provides human-readable explanations of why access was denied and suggests solutions. Part of setroubleshoot, it helps administrators understand and resolve SELinux policy violations.
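Before handing a large audit log to `sealert -a`, it helps to see which AVC denials recur and whether they were logged in enforcing or permissive mode. The following is an added example, not part of setroubleshoot or of the original page; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the audit.log AVC format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:410): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000003.554:415): avc:  denied  { read } for  pid=2107 comm="httpd" name="about.html" dev="dm-0" ino=9002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000010.020:431): avc:  denied  { name_bind } for  pid=2330 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)
COMM_RE = re.compile(r'comm="([^"]*)"')
MODES = {"0": "enforcing", "1": "permissive"}  # field is absent on older kernels

def selinux_type(context):
    """Return the type field (third component) of user:role:type:level."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_avc(lines):
    """Count denials per (comm, source type, target type, class, perms, mode)."""
    counts = Counter()
    for line in lines:
        if "type=AVC " not in line:
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if not m:
            continue  # not a "denied" record, or a truncated line
        comm = COMM_RE.search(line)
        key = (
            comm.group(1) if comm else "?",  # "?" when comm is missing or hex-encoded
            selinux_type(m["scontext"]),
            selinux_type(m["tcontext"]),
            m["tclass"],
            " ".join(sorted(m["perms"].split())),
            MODES.get(m["permissive"], "unknown"),
        )
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_avc(SAMPLE_LOG.splitlines()).most_common():
        print(n, *key)
```

To use it on a real log, pass an open file handle for `/var/log/audit/audit.log` to `summarize_avc` in place of the sample lines; reading that file normally requires root.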
Parameters
- -a, --analyze _file_: Scan an audit log file for AVCs, analyze them, and write alerts to stdout.
- -l, --lookupid _id_: Look up a specific alert by ID and write it to stdout. Use `*` to return all alerts.
- -b, --browser: Launch the alert browser GUI.
- -f, --fix _uuid_: Execute the fix command for the AVC with the given UUID. Requires --plugin.
- -P, --plugin _plugin_: Specify the plugin name to use with --fix.
- -H: Output alerts in HTML format instead of plain text (used with -l or -a).
- -s, --service: Start the sealert D-Bus service (typically invoked by D-Bus).
- -S, --noservice: Start sealert as a standalone application without the D-Bus service.
- -u, --user _user_: Log on as the specified user.
- -p, --password _password_: Set the user password.
FAQ
How do I run a basic sealert example?
Run `sudo sealert -a /var/log/audit/audit.log` in a terminal, then adjust the log file path and flags for your system.