mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

aa-log: add support for audit entries.

Browse source
This commit is contained in:
Alexandre Pujol 2022-03-17 14:03:00 +00:00
parent 4ff371e739
commit fd1dce916d
Failed to generate hash of commit
1 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cmd/aa-log/main.go
View file

@ -31,6 +31,7 @@ const (
FgMagenta = "\033[35m"
BoldRed = "\033[1;31m"
BoldGreen = "\033[1;32m"
BoldYellow = "\033[1;33m"
)
// AppArmorLog describes a apparmor log entry
@ -70,7 +71,7 @@ func removeDuplicateLog(logs []string) []string {
// NewApparmorLogs return a new ApparmorLogs list of map from a log file
func NewApparmorLogs(file *os.File, profile string) AppArmorLogs {
log := ""
exp := "apparmor=(\"DENIED\"|\"ALLOWED\")"
exp := "apparmor=(\"DENIED\"|\"ALLOWED\"|\"AUDIT\")"
if profile != "" {
exp = fmt.Sprintf(exp+".* profile=\"%s.*\"", profile)
}
@ -124,6 +125,7 @@ func (aaLogs AppArmorLogs) String() string {
state := map[string]string{
"DENIED": BoldRed + "DENIED " + Reset,
"ALLOWED": BoldGreen + "ALLOWED" + Reset,
"AUDIT": BoldYellow + "AUDIT " + Reset,
}
// Order of impression
keys := []string{