[SCRIPT] avctree 1.0.4

Lee Kok Seng kokseng at ieee.org
Sat May 19 00:03:24 UTC 2007


On 18 May 2007, at 5:57 PM, Manuel Wolfshant wrote:

> Lee Kok Seng wrote:
>> Hello,
>>
>> Here is version 1.0.4 of the script previously posted.
>>
> Hi
>
> Under centos 4.5 (perl-5.8.5-36.RHEL4.i386) and Fedora 6  
> (perl-5.8.8-10)  I get:
>
> Use of uninitialized value in pattern match (m//) at ./avctree.pl  
> line 133.
>
> > pl version 1.0.4+, Copyright (C) 2007,  LEE, "Kok Seng" (kokseng  
> at ieee dot org)
>
>
> Could you please fix this ?
>
>    manuel
>

Lee Kok Seng wrote:

> Hello,
>
> Here is version 1.0.4 of the script previously posted.
>

And this is on another centos (4.4) :

[root at imap ~]# ./avctree.pl --log=all
Use of uninitialized value in pattern match (m//) at ./avctree.pl  
line 133.
readline() on closed filehandle LOGF at ./avctree.pl line 197.
readline() on closed filehandle LOGF at ./avctree.pl line 197.


Hello,

Thanks for the report. Here is the fix.

/ks
-------------------------------------------------------------- 
[cut]----------------------------------------------------------
Index: avctree
===================================================================
--- avctree	(revision 21)
+++ avctree	(working copy)
@@ -27,7 +27,7 @@
# 1.0.2 	--re option allow context to mean scontext or tcontext, all  
to mean any key
# 1.0.3		added --age option to select based on age of message
# 1.0.4 	added --uniq option to show messages that are unique
-my $version='1.0.4+';
+my $version='1.0.4++';
use strict;
use warnings;
my ($thisScript) = ($0 =~ /.*?\/*(\w+)$/);
@@ -115,7 +115,7 @@
my $skiptags = defined($tagsARG)?0:1;
## Option: log files
my @logOPT	= grep  -e $_,  split /,|\n|\r/, $logARG if (defined 
($logARG));
- at logOPT = ('/var/log/messages','/var/log/kernel','/var/log/debug','/ 
var//log/audit')
+ at logOPT = ('/var/log/audit','/var/log/kernel','/var/log/messages','/ 
var/log/debug')
	if (defined($logARG) && ((!scalar @logOPT) || grep /all/, @logOPT));
@logOPT = ('/var/log/audit') if (!scalar @logOPT && -e '/var/log/ 
audit');
@logOPT = ('/var/log/kernel') if (!scalar @logOPT && -e '/var/log/ 
kernel');
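Review bot: The `grep /all/, @logOPT` test on the condition line of this hunk is an unanchored substring match, so any existing log path that merely contains "all" (a file name containing "install", for instance) replaces the user's selection with the four default files. The earlier `grep -e $_` already drops a literal `all` unless a file of that name exists in the working directory, so the keyword is better tested on the raw argument, e.g. `grep { $_ eq 'all' } split /,|\n|\r/, $logARG`. The same unanchored form, `grep /all/, @catOPT`, appears on a context line of the last hunk. For a tool run as root to triage AVC denials, silently reading different logs from the ones requested is worth avoiding.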
@@ -130,7 +130,7 @@
## Option: age
my @ageOPT	= split /,|\n|\r/, $ageARG if (defined($ageARG));
@ageOPT = ('10m') if (defined($ageARG) && !scalar @ageOPT);
-my ($age, $tu) = ($ageOPT[0] =~ /\s*([\d\.]+)\s*([smhdw]).*/);
+my ($age, $tu) = ($ageOPT[0] =~ /\s*([\d\.]+)\s*([smhdw]).*/) if  
@ageOPT;
undef $ageARG if (!defined($age));
$age *= defined($tu)?($tu eq 'm'?60:($tu eq 'h'?3600:($tu eq 'd'? 
86400:($tu eq 'w'?604800:1)))):1 if (defined($ageARG));
##  
------------------------------------------------------------------------ 
----------------------
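Review bot: The added `my ($age, $tu) = (...) if @ageOPT;` combines `my` with a statement modifier, which perlsyn documents as undefined behaviour; declare first and assign conditionally, `my ($age, $tu);` followed by `($age, $tu) = ($ageOPT[0] =~ /^\s*(\d+(?:\.\d+)?)\s*([smhdw])/) if @ageOPT;`. The context line `my @ageOPT = split ... if (defined($ageARG));` in this hunk and `my @logOPT = ... if (defined($logARG));` in the previous hunk have the same form. The original pattern is also unanchored and `[\d\.]+` accepts strings such as `1.2.3`, so a malformed `--age` value can pass the match and reach `$age *= ...` as a non-numeric string; the anchored pattern quoted above is one way to tighten it.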
@@ -191,7 +191,8 @@
	my $tmax = defined($avc->{'_tcontext_max_'})?$avc-> 
{'_tcontext_max_'}:0;
	my $smax = defined($avc->{'_scontext_max_'})?$avc-> 
{'_scontext_max_'}:0;
	my $rex = undef;
-	
+
+	return if ( ! -e $logfile );	
	open LOGF, '<' . $logfile || die "Cannot open input file: $logfile";
	while (<LOGF>) {
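Review bot: The added `-e` guard hides the symptom, but the `open` on the next line still cannot fail loudly: `||` binds tighter than the list operator, so the `die` attaches to the string `'<' . $logfile` and never runs, which matches the reported `readline() on closed filehandle LOGF`. The guard does not cover a path that exists but is unreadable, or one that changes between the test and the open, and the two-argument form lets Perl interpret characters in a `--log` value as part of the open mode. I would replace both lines with one checked three-argument open that keeps the `LOGF` handle used below: `open(LOGF, '<', $logfile) or do { warn "Cannot open input file: $logfile: $!\n"; return; };`. The enclosing sub (apparently `readLOG`) starts and ends outside this hunk.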
@@ -235,16 +236,19 @@
		# Check if this message is unique
		my $uniq = 1;
+		#print "\n $this{scontext} $this{tcontext} $this{comm} $this 
{action} $this{tclass}";
		if (defined($uniqARG)&&defined($avc{'scontext'})&&defined($avc 
{'scontext'}->{$this{'scontext'}})) {
			foreach (@{$avc{'scontext'}->{$this{'scontext'}}}) {
+				#print "\n      $_->{scontext} $_->{tcontext} $_->{comm} $_-> 
{action} $_->{tclass}";
+
				if ($_->{'tcontext'} eq $this{'tcontext'} &&
					($_->{'comm'} eq $this{'comm'})&&	
-					($_->{'name'} eq $this{'name'}) &&
					($_->{'tclass'} eq $this{'tclass'}) &&
					($_->{'action'} eq $this{'action'}) &&
-					(!defined($_->{'dev'}) || $_->{'dev'} eq $this{'dev'}) &&		
-					(!defined($_->{'ino'}) || $_->{'ino'} eq $this{'ino'}) && 		
-					(!defined($_->{'key'}) || $_->{'key'} eq $this{'key'}) 	
+					(!defined($_->{'name'}) || (defined($this{'name'}) && $_-> 
{'name'} eq $this{'name'})) &&
+					(!defined($_->{'dev'}) || (defined($this{'dev'}) && $_->{'dev'}  
eq $this{'dev'})) &&		
+					(!defined($_->{'ino'}) || (defined($this{'ino'}) && $_->{'ino'}  
eq $this{'ino'})) && 		
+					(!defined($_->{'key'}) || (defined($this{'key'}) && $_->{'key'}  
eq $this{'key'})) 	
					) {
					$_->{'_same_'} = [()] if (!defined($_->{'_same_'}));
					push @{$_->{'_same_'}}, \%this;
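Review bot: The rewritten `name`/`dev`/`ino`/`key` tests are one-sided: when the stored record lacks the field the clause is true whatever `%this` holds, so under `--uniq` a denial with a different `name` or inode is pushed onto an earlier record's `_same_` list and presumably never shown as its own entry. If that wildcard is intended, a comment saying so would help; otherwise compare symmetrically, e.g. `(defined($_->{'name'}) ? (defined($this{'name'}) && $_->{'name'} eq $this{'name'}) : !defined($this{'name'})) &&`. The `comm`, `tclass` and `action` comparisons remain unguarded and would presumably raise the same warning if a message lacks one of them. The two added `#print` debug lines are better left out of the committed version. The enclosing `foreach` continues past the end of the hunk.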
@@ -336,10 +340,11 @@
readLOG(\%avc, $_, scalar @reOPT?\@reOPT:undef) foreach (@logLIST);
# Decide which category to print
@catOPT = (sort keys %avc)  if (defined($catARG) && (! scalar  
@catOPT) ||  grep /all/, at catOPT ) ;
- at catOPT = @catDEF if (!defined($catARG));
+ at catOPT = grep !/^\s*$/, @catDEF if (!defined($catARG));
print "\n> $thisScript version $version, Copyright (C) 2007,  LEE,  
\"Kok Seng\" (kokseng at ieee dot org)";
print "\n> Notice: get help and condition of usage inforamtion  
regarding this script: $thisScript --help";
-print "\n> File(s) parsed: ", join ', ', @logOPT, " Key(s) : ", join  
', ', @catOPT;
+print "\n> File(s) parsed: ", join ', ', @logOPT;
+print "\n> Key(s) : " .  join(', ', @catOPT);
print "\n> Regular expression = ", join ' or ', @reOPT if (scalar  
@reOPT);
print "\n> Age not more than ", $ageARG, " (", $age, " seconds)" if  
(defined($ageARG));
print "\n> Unique mode is ON" if (defined($uniqARG));




