Sorry, the strings to grep for are the ones in comm="the_string" (in your example for example it's "sed")
----- On 29 May 20, at 15:31, Michaël Couren [email protected] wrote:

> Hi,
> you could start with:
>
> cat /var/log/audit/audit.log | grep denied | audit2why
>
> The messages are quite clear.
>
> After that you could also refine a little bit more:
>
> cat /var/log/audit/audit.log |grep snmpd | audit2allow -M my_module_for_snmpd
>
> Remember to renew audit.log sometimes, in order to filter errors more
> precisely
> --
> Cordialement / Best regards, Michaël Couren,
> ABES, Montpellier, France.
>
>
> ----- On 29 May 20, at 15:14, Andrei Verovski [email protected] wrote:
>
>> Hi,
>>
>> SELinux is quite cumbersome for someone who has not used it before.
>>
>> stat /var/log/anvraidcheck.log
>> # File: ‘/var/log/anvraidcheck.log’
>> # Size: 75 Blocks: 8 IO Block: 4096 regular file
>> # Device: fd08h/64776d Inode: 138 Links: 1
>> # Access: (0666/-rw-rw-rw-) Uid: ( 0/ root) Gid: ( 0/ root)
>> # Context: system_u:object_r:cron_log_t:s0
>>
>> ps -eZ | grep snmpd
>> # system_u:system_r:snmpd_t:s0 1835 ? 00:02:00 snmpd
>>
>>
>> How to enforce this policy (if it's correct of course)?
>>
>> allow snmpd_t cron_log_t:file { read };
>>
>>
>>> On 29 May 2020, at 12:31, Alan <[email protected]> wrote:
>>>
>>> When running from the terminal you are unconfined, hence it runs without
>>> error.
>>>
>>> Probably your only option is to create custom policy to allow this.
>>> Although I would question why the log file you are reading is cron_log_t
>>> and not var_log_t.
>>>
>>>
>>> ---- On Fri, 29 May 2020 09:25:41 +0100 Andrei Verovski <[email protected]> wrote ----
>>>
>>> Hi !
>>>
>>> I’m struggling with SELinux blocking SNMP script from reading log file
>>> (oVirt node manually installed on CentOS 7).
>>> Log file is readable by all (chmod ugo+r).
>>>
>>> Scripts working fine when executed from terminal.
>>>
>>> I did not dig deep into CentOS internals, I mostly use Debian and SuSE.
>>> As far as I know, SELinux can’t be turned off on oVirt node.
>>>
>>> Thanks in advance for any suggestion(s).
>>>
>>>
>>> **********************
>>>
>>> option in snmpd.conf
>>>
>>> extend .1.3.6.1.4.1.2021.7890.5 checkraid /opt/4anvcheckraid_hp.sh
>>>
>>>
>>> **********************
>>> script 4anvcheckraid_hp.sh
>>>
>>> #!/bin/bash
>>>
>>> LOGFILE='/var/log/anvraidcheck.log'
>>>
>>> if [ ! -f $LOGFILE ]; then
>>>     exit 0
>>> fi
>>>
>>> # Variant 1 with sed
>>> sed '/^[ \t]*$/d' $LOGFILE | while read line; do
>>>     echo "$line"
>>>     exit 1
>>> done
>>>
>>> # Variant 2 without sed
>>> while read line
>>> do
>>>     if [[ "$line" =~ [^[:space:]] ]]; then
>>>         echo "$line"
>>>         exit 1
>>>     fi
>>> done < $LOGFILE
>>>
>>>
>>> **********************
>>>
>>> SELinux audit log:
>>>
>>> type=AVC msg=audit(1590673970.198:469304): avc: denied { read } for
>>> pid=12142
>>> comm="sed" name="anvraidcheck.log" dev="dm-8" ino=138
>>> scontext=system_u:system_r:snmpd_t:s0
>>> tcontext=system_u:object_r:cron_log_t:s0
>>> tclass=file permissive=0
>>>
>>> type=AVC msg=audit(1590673970.197:469303): avc: denied { read } for
>>> pid=12141
>>> comm="4anvcheckraid_h" name="anvraidcheck.log" dev="dm-8" ino=138
>>> scontext=system_u:system_r:snmpd_t:s0
>>> tcontext=system_u:object_r:cron_log_t:s0
>>> tclass=file permissive=0
>>>
>>> _______________________________________________
>>> Users mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct:
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
>>> https://lists.ovirt.org/archives/list/[email protected]/message/MYWS2S57UP5GISJ7APXVJO6NVCVEFM22/
--
Cordialement / Best regards, Michaël Couren,
ABES, Montpellier, France.
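
Added example, not part of the thread: a small Python reader for the AVC denial records quoted above, which filters them by comm= or by source domain and prints the allow rule each group implies, so the rule can be reviewed before a module built with audit2allow -M is loaded. The function names are hypothetical, and the sample input is the two records from the thread rejoined onto one line each.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the thread, rejoined onto one line each.
SAMPLE_LOG = """\
type=AVC msg=audit(1590673970.198:469304): avc: denied { read } for pid=12142 comm="sed" name="anvraidcheck.log" dev="dm-8" ino=138 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1590673970.197:469303): avc: denied { read } for pid=12141 comm="4anvcheckraid_h" name="anvraidcheck.log" dev="dm-8" ino=138 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # incomplete record, nothing to build a rule from
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; policy rules use the type.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def candidate_rules(log_text, comm=None, source_type=None):
    """Group denials into allow rules, optionally filtered by comm or domain."""
    grouped = defaultdict(set)
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        if comm and rec.get("comm") != comm:
            continue
        if source_type and rec["source_type"] != source_type:
            continue
        key = (rec["source_type"], rec["target_type"], rec["tclass"])
        grouped[key].update(rec["perms"])
    return sorted(
        "allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
        for (s, t, c), p in grouped.items()
    )


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, source_type="snmpd_t"):
        print(rule)
```
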

