Re: [SCRIPT] avctree 1.0.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Lee Kok Seng wrote:

Hello,

Here is version 1.0.4 of the script previously posted.
a. Added regular expression (perl) to select messages to display
e.g avctree --re="context=~/java/" will show any avc message that has 'java' in 
    scontext *or* tcontext.
e.g avctree --re="*=~/initrc/" will show any avc messages that has 'su' anywhere. 

b. Added message selection based on age of message
e.g avctree --age 3h will show avc messages not older than 3 hours from when you run the script. 

c. Added 'unique' format of print
e.g avctree --uniq will show avc messages that are unique once, i.e. scontext, tcontext, comm, name, dev, ino, key all match up (except time tag, audit tag, pid ... so, use with this in mind) 

Try this: avctree --uniq --age 1d

/ks


How about submitting and maintaining this as a package in Fedora?

http://fedoraproject.org/wiki/PackageMaintainers/Join

Rahul

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux