Bug 1055100 - AVC summary no longer works (missing auditd + rsyslogd by default)
Summary: AVC summary no longer works (missing auditd + rsyslogd by default)
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: fpaste
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ankur Sinha (FranciscoD)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-18 19:44 UTC by d. johnson
Modified: 2014-07-03 04:06 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2014-06-30 23:27:09 UTC


Attachments (Terms of Use)

Description d. johnson 2014-01-18 19:44:43 UTC
Description of problem:

"fpaste --sysinfo" does a quick count of selinux statistics.  This number no longer works.

Version-Release number of selected component (if applicable):

fpaste-0.3.7.1-9.fc20.noarch

How reproducible:

100%

Steps to Reproduce:
1. run "fpaste --sysinfo"
2. Locate this line: * SELinux Error Count (failed: "selinuxenabled && (grep avc: /var/log/messages; ausearch -m avc -ts today)2>/dev/null|egrep -o "comm=\"[^ ]+"|sort|uniq -c|sort -rn"):
3. Notice that the results never work.

Actual results:

N/A is the result.

Expected results:

It should count and report some selinux stats.

Additional info:

You can use journalctl to pull this info on systemd-enabled versions.

Example:

$ journalctl --since yesterday |grep avc: |egrep -o "comm=\"[^ ]+" |sort |uniq -c |sort -rn

You might be able to apply a filter that narrows down AVCs easier than grep.

Comment 1 Ankur Sinha (FranciscoD) 2014-01-23 09:20:38 UTC
Will work on this and correct it in the next update.

Comment 2 Fedora Update System 2014-06-24 05:47:20 UTC
fpaste-0.3.7.3.1-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/fpaste-0.3.7.3.1-1.fc20

Comment 3 Fedora Update System 2014-06-24 05:47:32 UTC
fpaste-0.3.7.3.1-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/fpaste-0.3.7.3.1-1.fc19

Comment 4 Fedora Update System 2014-06-24 23:21:53 UTC
Package fpaste-0.3.7.3.1-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing fpaste-0.3.7.3.1-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-7681/fpaste-0.3.7.3.1-1.fc20
then log in and leave karma (feedback).

Comment 5 lnie 2014-06-25 07:44:32 UTC
Tested with fpaste-0.3.7.3.1-1.fc20,the result is still N/A

Comment 6 Ankur Sinha (FranciscoD) 2014-06-25 08:23:56 UTC
(In reply to lnie from comment #5)
> Tested with fpaste-0.3.7.3.1-1.fc20,the result is still N/A

Can you please provide the output of:

journalctl --since yesterday |grep avc: |egrep -o "comm=\"[^ ]+" |sort |uniq -c |sort -rn

I don't get any output either, but that's because my system hasn't seen any AVC denials since yesterday. 

Thanks,
Warm regards,
Ankur

Comment 7 lnie 2014-06-25 08:47:32 UTC
(In reply to Ankur Sinha (FranciscoD) from comment #6)
> (In reply to lnie from comment #5)
> > Tested with fpaste-0.3.7.3.1-1.fc20,the result is still N/A
> 
> Can you please provide the output of:
> 
> journalctl --since yesterday |grep avc: |egrep -o "comm=\"[^ ]+" |sort |uniq
> -c |sort -rn
> 
> I don't get any output either, but that's because my system hasn't seen any
> AVC denials since yesterday. 
> 
> Thanks,
> Warm regards,
> Ankur

sure,the output is :24 comm="plugin-containe"

Comment 8 Fedora Update System 2014-06-30 23:27:09 UTC
fpaste-0.3.7.3.1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2014-07-03 04:06:34 UTC
fpaste-0.3.7.3.1-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.