Bug 1302670
| Summary: | /var/log/audit/audit.log seen as binary by grep | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Grégoire <gregoire> |
| Component: | setroubleshoot-plugins | Assignee: | Petr Lautrbach <plautrba> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 23 | CC: | dominick.grift, dwalsh, gregoire, lvrabec, mgrepl, plautrba, sgrubb |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | setroubleshoot-plugins-3.3.3-1.fc23 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-09 14:21:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Grégoire
2016-01-28 11:15:24 UTC
What does # grep sstpc /var/log/audit/audit.log returns you?
> # grep sstpc /var/log/audit/audit.log
> Binary file /var/log/audit/audit.log matches
> #
Adding -a, I get the matching lines instead.
This would be an audit or kernel issue not an selinux issue. The audit log is a text file. Grep has never been a recommended tool to use on the audit logs because it will find only one record of an event and not the whole event. The correct way to find events with sstpc is: ausearch -x sstpc --raw | audit2allow -M mypols You could suggest to use ausearch in catchall plugin: -# grep $SOURCE /var/log/audit/audit.log | audit2allow -M mypol +# ausearch -c $SOURCE | audit2allow -M mypol Grégoire, does the following command work for you? ausearch -c sstpc | audit2allow -M mypol Yes, ausearch works. This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions setroubleshoot-plugins-3.3.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ebee7316b setroubleshoot-plugins-3.3.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b643f1e1df setroubleshoot-plugins-3.3.3-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b643f1e1df setroubleshoot-plugins-3.3.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ebee7316b setroubleshoot-plugins-3.3.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. setroubleshoot-plugins-3.3.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. |