[WLUG] Washtenaw Linux Users Group Meeting 8/21/2014
Jonathan Billings
billings at negate.org
Sun Aug 24 17:21:02 EDT 2014
On Aug 24, 2014, at 4:51 PM, Carl T. Miller <carl at carltm.com> wrote:
> Find recent violations and proposed solutions:
> sealert -a /var/log/audit/audit.log
Another tool I find quite useful is 'ausearch' to search the audit logs.
For example, if I want to see all the AVC entries from the past 5 minutes, I'd run:
# ausearch -m avc -ts recent
For just today's:
# ausearch -m avc -ts today
This is useful for piping to 'audit2allow'.
--
Jonathan Billings <billings at negate.org>
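
Before AVC records from 'ausearch' go to 'audit2allow', it helps to see which source domain, target type, class and permissions the denials cover. The following is an added example, not part of the original message: it parses AVC denial lines and groups them for review; the sample records and the function names are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample records in audit.log format (not real log data).
SAMPLE = '''\
type=AVC msg=audit(1408914001.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1408914001.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1408914002.202:502): avc:  denied  { open } for  pid=2101 comm="httpd" path="/home/alice/www/index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1408914003.303:503): avc:  denied  { name_connect } for  pid=2102 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
'''

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not fields.keys() >= {"scontext", "tcontext", "tclass"}:
        return None  # truncated record: skip rather than guess
    fields["perms"] = m.group(1).split()
    return fields


def summarize(lines):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        # An SELinux context is user:role:type:level; the type is field 3.
        key = (rec["scontext"].split(":")[2],
               rec["tcontext"].split(":")[2], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["comms"].add(rec.get("comm", "?"))
        groups[key]["count"] += 1
    return dict(groups)


if __name__ == "__main__":
    # Read piped ausearch output if present, otherwise the constructed sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for (src, tgt, cls), g in sorted(summarize(source).items()):
        perms, comms = " ".join(sorted(g["perms"])), ",".join(sorted(g["comms"]))
        print(f"{g['count']:3d}  {src} -> {tgt}:{cls} {{ {perms} }}  comm={comms}")
```

Saved under a name of your choosing, the script can take the output of 'ausearch -m avc -ts today' on standard input; a group that covers more than the service needs is a reason to fix the file label or a boolean rather than generate an allow rule.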