aa-log: add support for audit entries.

Alexandre Pujol 2022-03-17 14:03:00 +00:00
parent 4ff371e739
commit fd1dce916d


@ -25,12 +25,13 @@ const LogFile = "/var/log/audit/audit.log"
// Colors // Colors
const ( const (
Reset = "\033[0m" Reset = "\033[0m"
FgYellow = "\033[33m" FgYellow = "\033[33m"
FgBlue = "\033[34m" FgBlue = "\033[34m"
FgMagenta = "\033[35m" FgMagenta = "\033[35m"
BoldRed = "\033[1;31m" BoldRed = "\033[1;31m"
BoldGreen = "\033[1;32m" BoldGreen = "\033[1;32m"
BoldYellow = "\033[1;33m"
) )
// AppArmorLog describes a apparmor log entry // AppArmorLog describes a apparmor log entry
@ -70,7 +71,7 @@ func removeDuplicateLog(logs []string) []string {
// NewApparmorLogs return a new ApparmorLogs list of map from a log file // NewApparmorLogs return a new ApparmorLogs list of map from a log file
func NewApparmorLogs(file *os.File, profile string) AppArmorLogs { func NewApparmorLogs(file *os.File, profile string) AppArmorLogs {
log := "" log := ""
exp := "apparmor=(\"DENIED\"|\"ALLOWED\")" exp := "apparmor=(\"DENIED\"|\"ALLOWED\"|\"AUDIT\")"
if profile != "" { if profile != "" {
exp = fmt.Sprintf(exp+".* profile=\"%s.*\"", profile) exp = fmt.Sprintf(exp+".* profile=\"%s.*\"", profile)
} }
@ -124,6 +125,7 @@ func (aaLogs AppArmorLogs) String() string {
state := map[string]string{ state := map[string]string{
"DENIED": BoldRed + "DENIED " + Reset, "DENIED": BoldRed + "DENIED " + Reset,
"ALLOWED": BoldGreen + "ALLOWED" + Reset, "ALLOWED": BoldGreen + "ALLOWED" + Reset,
"AUDIT": BoldYellow + "AUDIT " + Reset,
} }
// Order of impression // Order of impression
keys := []string{ keys := []string{
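Review bot: In NewApparmorLogs, `profile` is formatted into the pattern `exp` without escaping, so a profile name containing regex metacharacters (for example `.` or `+`) is read as pattern syntax instead of being matched literally. If `exp` is compiled as a regular expression further down (the function body continues outside the hunk) and literal matching is intended, escape the argument: `exp = fmt.Sprintf(exp+".* profile=\"%s.*\"", regexp.QuoteMeta(profile))`. The doc comment could also name the entry types now collected, e.g. `// NewApparmorLogs returns the DENIED, ALLOWED and AUDIT entries of a log file, optionally filtered by profile name prefix.`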