mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
25 lines
691 B
Bash
Executable File
25 lines
691 B
Bash
Executable File
#!/usr/bin/env bash
|
|
# Review AppArmor generated messages
|
|
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
|
|
readonly LOGFILE=/var/log/audit/audit.log
|
|
|
|
# Parses AppArmor logs to hide unnecessary information and remove duplicates.
|
|
_apparmor_log() {
|
|
local state="$1" profile="$2"
|
|
grep -a "$state" "$LOGFILE" \
|
|
| grep "profile=\"$profile.*\"" \
|
|
| sed -e 's/AVC //' \
|
|
-e "s/apparmor=\"$state\"/$state/" \
|
|
-e 's/type=msg=audit(.*): //' \
|
|
-e 's/pid=.* comm/comm/' \
|
|
-e 's/ fsuid.*//' \
|
|
| awk '!x[$0]++'
|
|
|
|
}
|
|
|
|
_apparmor_log DENIED "$@"
|
|
_apparmor_log ALLOWED "$@"
|