[SCRIPT] avctree 1.0.4
Rahul Sundaram
sundaram at fedoraproject.org
Thu May 17 23:35:25 UTC 2007
Lee Kok Seng wrote:
> Hello,
>
> Here is version 1.0.4 of the script previously posted.
> a. Added regular expression (perl) to select messages to display
> e.g avctree --re="context=~/java/" will show any avc message
> that has 'java' in
> scontext *or* tcontext.
> e.g avctree --re="*=~/initrc/" will show any avc messages that has
> 'su' anywhere.
>
> b. Added message selection based on age of message
> e.g avctree --age 3h will show avc messages not older than 3 hours
> from when you run the script.
>
> c. Added 'unique' format of print
> e.g avctree --uniq will show avc messages that are unique once, i.e.
> scontext, tcontext, comm,
> name, dev, ino, key all match up (except time tag, audit tag, pid ...
> so, use with this in mind)
>
> Try this: avctree --uniq --age 1d
>
> /ks
How about submitting and maintaining this as a package in Fedora?
http://fedoraproject.org/wiki/PackageMaintainers/Join
Rahul
More information about the fedora-selinux-list
mailing list