# audit2allow

> Generate SELinux policy allow rules from audit logs.
> Part of the `policycoreutils-python-utils` package.
> See also: `audit2why`, `ausearch`, `semodule`.
> More information: <https://manned.org/audit2allow>.

- Generate allow rules from recent audit denials and display them:

`sudo audit2allow {{[-a|--all]}}`

- Generate allow rules from a specific audit log file:

`sudo audit2allow {{[-i|--input]}} {{path/to/audit.log}}`

- Generate a policy module from recent audit denials:

`sudo audit2allow {{[-a|--all]}} {{[-M|--module]}} {{module_name}}`

- Explain why SELinux denials occurred (same as `audit2why`):

`sudo audit2allow {{[-a|--all]}} --why`

- Display detailed information around generated messages:

`sudo audit2allow {{[-a|--all]}} {{[-e|--explain]}}`

- Use installed macros to generate a reference policy:

`sudo audit2allow {{[-a|--all]}} {{[-R|--reference]}}`

- Generate allow rules for a specific service:

`sudo ausearch {{[-m|--message]}} avc {{[-c|--comm]}} {{service_name}} | audit2allow {{[-M|--module]}} {{policy_name}}`

- Enable verbose output mode:

`sudo audit2allow {{[-a|--all]}} {{[-v|--verbose]}}`