Bug 1302670 - /var/log/audit/audit.log seen as binary by grep
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot-plugins
Version: 23
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-01-28 11:15 UTC by Grégoire
Modified: 2016-04-09 15:26 UTC (History)

Fixed In Version: setroubleshoot-plugins-3.3.3-1.fc23
Clone Of:
Environment:
Last Closed: 2016-04-09 14:21:31 UTC
Type: Bug
Embargoed:



Description Grégoire 2016-01-28 11:15:24 UTC
Description of problem: For some reason, grep considers /var/log/audit/audit.log to be a binary file, so when I run the suggested command
  
  grep sstpc /var/log/audit/audit.log | audit2allow -M mypols

to fix some SELinux problem with sstp (Bug 1136569), it tells me

  Nothing to do


One easy fix is to use grep -a to force interpreting the input as text.


Additional info: I tried to locate the line of audit.log that causes the problem but strangely, it doesn't show up unless I pass a big chunk of the file to grep.

Comment 1 Miroslav Grepl 2016-01-29 13:09:20 UTC
What does

# grep sstpc /var/log/audit/audit.log 

return for you?

Comment 2 Grégoire 2016-01-29 21:49:37 UTC
> # grep sstpc /var/log/audit/audit.log
> Binary file /var/log/audit/audit.log matches
> #

Adding -a, I get the matching lines instead.

Comment 3 Daniel Walsh 2016-02-01 08:54:03 UTC
This would be an audit or kernel issue not an selinux issue.

Comment 4 Steve Grubb 2016-02-12 15:58:48 UTC
The audit log is a text file. Grep has never been a recommended tool to use on the audit logs because it will find only one record of an event and not the whole event. The correct way to find events with sstpc is:

ausearch -x sstpc --raw | audit2allow -M mypols
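
An added example, not part of the thread: it shows on a constructed log why a line-based grep returns only some records of an event, and how selecting by the shared `msg=audit(timestamp:serial)` id returns the whole event. The log lines, paths and function names are constructed for illustration, and awk stands in for ausearch so the sketch runs without the audit tools installed.

```shell
#!/bin/sh
# Constructed sample: event 101 has three records, but only two mention sstpc.
# Event 102 carries a NUL byte, the kind of data that makes grep report
# "Binary file ... matches" instead of printing the matching lines.
make_sample_log() {
    printf '%s\n' \
        'type=AVC msg=audit(1453979700.100:101): avc:  denied  { read } for  pid=4242 comm="sstpc" name="example" tclass=file' \
        'type=SYSCALL msg=audit(1453979700.100:101): arch=c000003e syscall=2 success=no pid=4242 comm="sstpc" exe="/usr/sbin/sstpc"' \
        'type=PATH msg=audit(1453979700.100:101): item=0 name="/etc/example" nametype=NORMAL'
    printf 'type=USER_END msg=audit(1453979701.200:102): msg=\000garbage\n'
}

# What a text-mode grep returns: only the lines that contain the pattern.
grep_records() {  # $1 = fixed string, $2 = log file
    grep -a -F -- "$1" "$2"
}

# Whole events: pass 1 collects the event id of every matching record,
# pass 2 prints every record that shares one of those ids.
whole_events() {  # $1 = fixed string, $2 = log file
    awk -v pat="$1" '
        function event_id(line) {
            if (match(line, /msg=audit\([0-9.]+:[0-9]+\)/))
                return substr(line, RSTART, RLENGTH)
            return ""
        }
        NR == FNR {
            if (index($0, pat) && (id = event_id($0)) != "") wanted[id] = 1
            next
        }
        { if (event_id($0) in wanted) print }
    ' "$2" "$2"
}

# Demo run on the constructed log.
demo_log=$(mktemp)
make_sample_log > "$demo_log"
echo "grep -a records:   $(grep_records sstpc "$demo_log" | wc -l | tr -d ' ')"
echo "whole-event lines: $(whole_events sstpc "$demo_log" | wc -l | tr -d ' ')"
rm -f "$demo_log"
```

The PATH record never mentions sstpc, so it appears only in the whole-event output.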

Comment 5 Petr Lautrbach 2016-02-12 18:20:34 UTC
You could suggest using ausearch in the catchall plugin:

-# grep $SOURCE /var/log/audit/audit.log | audit2allow -M mypol
+# ausearch -c $SOURCE | audit2allow -M mypol
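
Review bot: the added `ausearch -c $SOURCE` line omits the `--raw` option that the ausearch command in Comment 4 passes before piping to audit2allow, and it leaves `$SOURCE` unquoted. Suggest `# ausearch -c '$SOURCE' --raw | audit2allow -M mypol`, so that audit2allow receives records in the same unformatted form as the log file and a command name containing spaces or shell metacharacters stays a single argument when the user pastes the suggested command.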

Grégoire, does the following command work for you?

ausearch -c sstpc | audit2allow -M mypol

Comment 6 Grégoire 2016-02-12 18:30:58 UTC
Yes, ausearch works.

Comment 8 Mike McCune 2016-03-28 23:19:36 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation; please see mmccune with any questions.

Comment 9 Fedora Update System 2016-04-05 05:39:54 UTC
setroubleshoot-plugins-3.3.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ebee7316b

Comment 10 Fedora Update System 2016-04-05 05:40:04 UTC
setroubleshoot-plugins-3.3.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b643f1e1df

Comment 11 Fedora Update System 2016-04-05 15:53:24 UTC
setroubleshoot-plugins-3.3.3-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b643f1e1df

Comment 12 Fedora Update System 2016-04-05 19:21:46 UTC
setroubleshoot-plugins-3.3.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ebee7316b

Comment 13 Fedora Update System 2016-04-09 14:21:28 UTC
setroubleshoot-plugins-3.3.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2016-04-09 15:26:10 UTC
setroubleshoot-plugins-3.3.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

