#!/usr/bin/env bash
# Review AppArmor generated messages
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
#
# Audit log that the AppArmor messages are read from. Declared read-only so
# nothing later in the script can redirect the parser to another file.
# NOTE(review): this file is usually readable by root only — confirm the
# privileges the script is expected to run with.
declare -r LOGFILE='/var/log/audit/audit.log'
# Parses AppArmor logs to hide unnecessary information and remove duplicates.
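_apparmor_log() {
  # Print the de-duplicated AppArmor events of one kind for one profile.
  #
  # Globals:   LOGFILE (read) - audit log to scan; only this file is read.
  # Arguments: $1 - AppArmor verdict to select (the script passes DENIED
  #                 and ALLOWED)
  #            $2 - profile name prefix; empty selects every profile
  # Outputs:   one shortened log line per distinct event, first-seen order
  #
  # Both arguments are spliced into grep/sed regular expressions without
  # escaping, so regex metacharacters in them are interpreted (and a '/' in
  # $1 would break the sed expression). Pass trusted values only.
  local state="$1" profile="$2"

  # -a on BOTH greps: the first one already treats the log as text, but
  # without -a the second grep can replace a matching line that contains
  # binary bytes with a "Binary file (standard input) matches" notice,
  # silently hiding the event from the review.
  grep -a -e "$state" -- "$LOGFILE" \
    | grep -a -e "profile=\"$profile.*\"" \
    | sed -e 's/AVC //' \
          -e "s/apparmor=\"$state\"/$state/" \
          -e 's/type=msg=audit(.*): //' \
          -e 's/pid=.* comm/comm/' \
          -e 's/ fsuid.*//' \
    | awk '!x[$0]++'  # keep only the first occurrence of each line
}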
# Report denied events first, then allowed ones, forwarding the script's
# arguments unchanged (the parser uses the first one as the profile prefix).
for verdict in DENIED ALLOWED; do
  _apparmor_log "$verdict" "$@"
done