Hi Jason,
I believe you actually gave the answer yourself. SETroubleShoot tends to
achieve exactly what you want, with much less effort if you program in
Python: you can add your plugins. The raw processing approach requires more
effort to achieve what SETroubleShoot has already established.
Which one is "better" actually depends on what you want to achieve, your
deadline, and the programming/scripting language that you want to work with.
Sincerely,
Patrick K.
On 10/11/2011 11:07 PM, Jason Axelson wrote:
Hi,
I am writing a program that will monitor the SELinux log for AVC violations
and deal with them appropriately. Currently I am looking at approaches to
monitor the SELinux log.
One approach is to do raw monitoring of /var/log/audit/audit.log with
something like:
tail -f /var/log/audit/audit.log | ausearch -m avc
A second approach may be to implement an SETroubleShoot plugin:
https://fedorahosted.org/setroubleshoot/wiki/SETroubleShoot%20Overview
I'm kind of leaning towards an SETroubleShoot plugin since it seems like less
new development and the infrastructure seems to be already there.
Is this a valid approach? Is there a better way?
Thanks,
Jason
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
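As an added illustration of the "raw monitoring" approach Jason describes (this is example code written for this thread, not code from either poster or from the setroubleshoot project), the script below parses `type=AVC` records in the format auditd writes to /var/log/audit/audit.log, counts denials by source type, target type, object class and permission set, and includes a `tail -f`-style follower. The sample log lines are constructed for the example; the field layout (`scontext=`, `tcontext=`, `tclass=`) is the standard one, and the `follow()` polling interval is an arbitrary choice.

```python
"""Minimal AVC monitor: parse audit.log records and summarise denials."""
import re
import time
from collections import Counter
from dataclasses import dataclass

# One AVC record as auditd writes it; the key=value tail lands in 'rest'.
AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$"
)
# key=value pairs; values may be quoted (comm="httpd") or bare (tclass=file).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines in audit.log format (not taken from a real system).
SAMPLE_LOG = [
    'type=AVC msg=audit(1318388820.123:4567): avc:  denied  { read } for  pid=1234 '
    'comm="httpd" name="index.html" dev=sda1 ino=98765 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1318388820.123:4567): arch=c000003e syscall=2 '
    'success=no exit=-13 comm="httpd"',
    'type=AVC msg=audit(1318388821.456:4568): avc:  denied  { read open } for  pid=1234 '
    'comm="httpd" path="/home/user/index.html" dev=sda1 ino=98765 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1318388822.789:4569): avc:  granted  { setenforce } for  pid=42 '
    'comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:security_t:s0 tclass=security',
]


@dataclass
class AvcRecord:
    timestamp: float
    serial: int
    verdict: str      # "denied" or "granted"
    perms: tuple      # e.g. ("read", "open")
    fields: dict      # pid, comm, scontext, tcontext, tclass, ...

    def context_type(self, key):
        """Return the type component (third colon-separated field) of a context."""
        return self.fields[key].split(":")[2]


def parse_avc(line):
    """Parse one audit.log line; return an AvcRecord, or None for non-AVC lines."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return AvcRecord(
        timestamp=float(m.group("ts")),
        serial=int(m.group("serial")),
        verdict=m.group("verdict"),
        perms=tuple(m.group("perms").split()),
        fields=fields,
    )


def summarize_denials(lines):
    """Count denials keyed by (source type, target type, class, perms).

    Granted decisions and non-AVC records are ignored, so the result is the
    set of distinct denials a policy author or responder would need to look at.
    """
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec.verdict != "denied":
            continue
        key = (rec.context_type("scontext"), rec.context_type("tcontext"),
               rec.fields.get("tclass"), rec.perms)
        counts[key] += 1
    return counts


def follow(path, poll_interval=1.0):
    """Yield lines appended to `path`, like `tail -f` (starts at the current end)."""
    with open(path, "r", errors="replace") as fh:
        fh.seek(0, 2)                      # skip history; only watch new records
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll_interval)  # no new data yet; back off briefly


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; a live monitor would
    # instead iterate over follow("/var/log/audit/audit.log").
    for key, n in summarize_denials(SAMPLE_LOG).items():
        src, tgt, cls, perms = key
        print(f"{n}x denied {{ {' '.join(perms)} }} {src} -> {tgt} ({cls})")
```

The summary key mirrors what a policy tool needs (source type, target type, class, permissions), which makes it easy to tell a repeating denial from a one-off; the raw `pid`, `comm`, `path` and `ino` fields are kept in `fields` for the "deal with them appropriately" step. On a live system the file is root-readable only, and log rotation means `follow()` should also reopen the file when its inode changes.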