audit2why

linux

Explain SELinux denials from audit logs. Part of the `policycoreutils-python-utils` package. See also: `audit2allow`, `ausearch`, `sealert`.

Options (3)

-i, --input

Explain SELinux denials from a specific audit log file

Example: sudo audit2why [-i|--input] path/to/audit.log

-m, --message (ausearch option)

Explain all SELinux denials from the audit log

Example: sudo ausearch [-m|--message] avc | audit2why

-c, --comm (ausearch option)

Explain denials for a specific service

Example: sudo ausearch [-m|--message] avc [-c|--comm] service_name | audit2why

Examples (4)

Explain the most recent SELinux denial

Explain SELinux denials from a specific audit log file

sudo audit2why [-i|--input] path/to/audit.log

Explain all SELinux denials from the audit log

sudo ausearch [-m|--message] avc | audit2why

Explain denials for a specific service

sudo ausearch [-m|--message] avc [-c|--comm] service_name | audit2why
made by @shridhargupta | data from tldr-pages