
sealert — Analyze and explain SELinux AVC denial messages. Part of the `setroubleshoot-server` package. See al

Submitted by: @import:tldr-pages

Problem

How to use the sealert command: Analyze and explain SELinux AVC denial messages. Part of the setroubleshoot-server package. See also: audit2why, ausearch, audit2allow. More information: <https://manned.org/sealert>.

Solution

Analyze all recent SELinux denials:
sudo sealert {{[-a|--analyze]}} {{/var/log/audit/audit.log}}


Analyze a specific alert ID from system logs:
sudo sealert {{[-l|--lookupid]}} {{alert_id}}


Display a summary of recent SELinux alerts:
sudo sealert {{[-b|--browser]}}


Monitor audit log in real-time for new alerts:
sudo tail {{[-f|--follow]}} {{/var/log/audit/audit.log}} | sealert {{[-l|--lookupid]}} -

Context

tldr-pages: linux/sealert
