35 | | <to be filled in> |
| 35 | |
| 36 | === Searching audit log === |
| 37 | |
| 38 | Check for any denials: |
| 39 | {{{ |
| 40 | ausearch -m avc #all denials |
| 41 | ausearch -m avc -ts today #denials for that today |
| 42 | ausearch -m avc -ts recent #denials from the last 10 minutes |
| 43 | }}} |
| 44 | |
| 45 | Check entries for a specific service: |
| 46 | {{{ |
| 47 | ausearch -c docker #all audit entries for the docker service |
| 48 | ausearch -m avc -c docker #all denials for the docker service |
| 49 | }}} |
| 50 | |
| 51 | Reference: !https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html |
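Review bot: In the "Check entries for a specific service" block, `ausearch -c` matches on the command name (comm) recorded for the process, not on a service or unit, so the comments "for the docker service" overstate what the two searches return. Suggest wording them as "entries where the command name is docker" and noting that a denial logged under a different command name will not show up in either search. In the first block, the comment "#denials for that today" is garbled; "#denials from today" matches the style of the "recent" comment below it. The Reference link points at the Red Hat Enterprise Linux 6 guide, so it is worth stating on the page which release these commands were checked against.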