commands.sh

sealert

linux

Analyze and explain SELinux AVC denial messages. Part of the `setroubleshoot-server` package. See also: `audit2why`, `ausearch`, `audit2allow`.


Options (4)

-a, --analyze (boolean)

Analyze all recent SELinux denials

Example: sudo sealert [-a|--analyze] /var/log/audit/audit.log

-l, --lookupid (boolean)

Analyze a specific alert ID from system logs

Example: sudo sealert [-l|--lookupid] alert_id

-b, --browser (boolean)

Display a summary of recent SELinux alerts

Example: sudo sealert [-b|--browser]

-f, --follow (boolean)

Monitor audit log in real-time for new alerts (in the example, `-f`/`--follow` is passed to `tail`, which streams the log into `sealert`)

Example: sudo tail [-f|--follow] /var/log/audit/audit.log | sealert [-l|--lookupid] -

Examples (4)

Analyze all recent SELinux denials

sudo sealert [-a|--analyze] /var/log/audit/audit.log

Analyze a specific alert ID from system logs

sudo sealert [-l|--lookupid] alert_id

Display a summary of recent SELinux alerts

sudo sealert [-b|--browser]

Monitor audit log in real-time for new alerts

sudo tail [-f|--follow] /var/log/audit/audit.log | sealert [-l|--lookupid] -
made by @shridhargupta | data from tldr-pages