Bash script problem [OT]


 



Hello all,

I run my F8 SELinux machine headless, and administer it through ssh.
This means I don't easily have many of the graphical tools available to
help.

During the early stages of my transition to "enforcing" mode I want to
keep a close eye on denials but of course I don't have the wonderful
sealert graphical troubleshooter popping up each time something happens.

So I have written this little script to check the logs using a cron job
every ten minutes. (NB I'm no expert in bash scripting - that much
should be obvious!)

The script itself works just fine when run from the command line as
root. When run from cron however (still as root), no matter what denials
there have been, ausearch *always* returns "<no matches>". I have tried
this by putting the ausearch command on a line of its own, and even with
the command ausearch -m AVC -ts yesterday (when there *were* denials) it
returns "<no matches>" where running the exact same command from the
command line produces the correct output.

I have no idea why this doesn't work - environment variables perhaps?

Any bash script gurus out there?

Thanks

Mark

=====8<===============================================================
#!/bin/bash

# selinux_avc_check.sh

# This script uses the "ausearch" tool which reads the SELinux 
# /var/log/audit/audit.log file.

# The "-m AVC" means search for the term AVC (denial).
# The "-ts recent" means in the last 10 minutes

# If there are no AVC denials it will report "<no matches>"
# and all will be well.
# If there is any other output (i.e there has been a denial) it
# will send an email to root to check the logs.

# It is designed to be run as a cron job every 10 mins
# */10 * * * * /root/scripts/selinux_avc_check.sh


if /sbin/ausearch -m AVC -ts recent 2>&1| grep -q no\ matches

then
	exit 1
else
	echo "SELinux AVC Denial - please check the logs!" |mail -s "SELinux AVC Denial!" root
fi

=====8<===============================================================


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
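
A cron-oriented variant of the check above, added here as an example and not part of the original post: it reads an audit log file directly with awk and filters on each record's timestamp, so it does not depend on matching ausearch's "<no matches>" text. The function names, the `--cron` flag and the sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not the poster's script. Sample data below is constructed.

# avc_since FILE EPOCH: print "count scontext tclass" for every AVC denial
# in FILE stamped at or after EPOCH, busiest first; print nothing if none.
avc_since() {
    awk -v since="$2" '
        /type=AVC/ && /denied/ {
            # Record header looks like: msg=audit(1200000900.200:11)
            if (!match($0, /audit\([0-9]+/)) next
            if (substr($0, RSTART + 6, RLENGTH - 6) + 0 < since) next
            sc = tc = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) sc = substr($i, 10)
                if ($i ~ /^tclass=/)   tc = substr($i, 8)
            }
            n[sc " " tc]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -rn
}

# Constructed audit.log lines for trying the function offline.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1200000000.100:10): avc:  denied  { getattr } for  pid=1900 comm="sshd" name="home" dev=dm-0 ino=2 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1200000900.200:11): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1200000900.200:11): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1200000950.300:12): avc:  denied  { getattr } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Cron entry point (hypothetical flag): selinux_avc_check.sh --cron
# Mails root a per-domain summary of denials from the last 10 minutes.
if [ "${1:-}" = "--cron" ]; then
    log=/var/log/audit/audit.log
    report=$(avc_since "$log" "$(( $(date +%s) - 600 ))")
    if [ -n "$report" ]; then
        printf 'count scontext tclass\n%s\n' "$report" |
            mail -s "SELinux AVC Denial!" root
    fi
fi
```

Only the current log file is read, so a denial written just before a log rotation can be missed by the next run.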
