policycoreutils/policycoreutils-rhat.patch
Daniel J Walsh abd6b8aa00 * Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1
- Update to match NSA
	* Extended audit2why to incorporate booleans and local user
	  settings when analyzing audit messages.
2005-05-17 12:38:08 +00:00

91 lines
3.6 KiB
Diff

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1
--- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:24:26.000000000 -0400
@@ -0,0 +1,62 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2005 Dan Walsh <dwalsh@redhat.com>
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.\"
+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA
+.SH NAME
+audit2why \- Translates auditmessages into a description of why the access was denied
+.SH SYNOPSIS
+.B audit2why
+.RI [ options "] "
+.SH OPTIONS
+.TP
+
+.B "\-\-help"
+Print a short usage message
+.TP
+.B "\-p <policyfile>"
+Specify an alternate policy file.
+.SH DESCRIPTION
+.PP
+This utility scans stdin (logfiles) for messages logged when the
+system denied permission for operations, and generates a reason why the
+access was denied
+.PP
+.SH EXAMPLE
+$ /usr/sbin/audit2why < /var/log/audit/audit.log
+
+type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
+ Was caused by:
+ Missing TE allow rule for the type pair (use audit2allow).
+
+type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+ Was caused by:
+ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
+
+
+.PP
+.SH AUTHOR
+This manual page was written by
+.I Dan Walsh <dwalsh@redhat.com>,
+.B audit2why
+utility was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile
--- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400
+++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:25:00.000000000 -0400
@@ -17,6 +17,8 @@
install: all
-mkdir -p $(BINDIR)
install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2why.1 $(MANDIR)/man1/
clean:
rm -f $(TARGETS) *.o
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400
+++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:24:26.000000000 -0400
@@ -164,7 +164,7 @@
fi
# See how we were called.
-while getopts "C:Fo:R:l:" i; do
+while getopts "C:Ffo:R:l:" i; do
case "$i" in
f)
fullFlag=1