Commit e4e9e3e7 authored by Emanuele Aina

aa_log_extract_tokens: Fix audit type to be ALLOWED rather than PERMIT

The actual type for "should-be-denied-but-in-complain-mode-so-go-ahead" audit
messages is `ALLOWED`, not `PERMIT`.

See https://github.com/torvalds/linux/blob/v4.19/security/apparmor/audit.c#L32

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
parent a699e7d7
......@@ -37,7 +37,7 @@ sudo apt-get -y --force-yes install apparmor-utils
say "Checking for apparmor complaints ..."
sudo journalctl -b -t audit -o cat | aa_log_extract_tokens.sh \
PERMIT DENIED > "${TMPDIR}/complaint_tokens.log"
ALLOWED DENIED > "${TMPDIR}/complaint_tokens.log"
if ! [ -s "${TMPDIR}/complaint_tokens.log" ]; then
say "No complaints found!"
......
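Review bot: the `[ -s "${TMPDIR}/complaint_tokens.log" ]` test right after the changed line reports "No complaints found!" for any empty file, so a filter token that no audit message carries (as the commit message says of `PERMIT`) yields a clean result without any error. Consider checking the exit status of the `journalctl | aa_log_extract_tokens.sh` pipeline separately from the emptiness of the log, so that a failed `sudo journalctl` or a rejected token is reported as a test error rather than as "no complaints".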
......@@ -4,13 +4,13 @@
usage() {
echo "Usage: $0 <event mode> [event mode]..."
echo "And pipe logs to it"
echo "Valid values for [event mode] are: PERMIT, DENIED, AUDIT"
echo "Valid values for [event mode] are: ALLOWED, DENIED, AUDIT"
}
events=""
while [ $# -gt 0 ] ; do
case $1 in
AUDIT|PERMIT|DENIED)
AUDIT|ALLOWED|DENIED)
events="$events $1"
;;
*)
......
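Review bot: in the `case` pattern, dropping `PERMIT` outright sends any caller that still passes it to the `*)` branch, whose body is not shown in this hunk. Confirm that branch prints the usage text to stderr and exits non-zero: `usage()` writes with plain `echo`, and the test script redirects this filter's stdout into `complaint_tokens.log`, so usage text on stdout would be read there as complaints. If callers outside this repository exist, accepting `PERMIT` as a deprecated alias for `ALLOWED` with a warning would ease the transition.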
#!/bin/sh
exec sudo journalctl -b -t audit -o cat -f | /usr/bin/aa_log_extract_tokens.sh PERMIT DENIED
exec sudo journalctl -b -t audit -o cat -f | /usr/bin/aa_log_extract_tokens.sh ALLOWED DENIED
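Review bot: on the changed line, `exec` applies only to `sudo journalctl` on the left of the pipe, which already runs in its own subshell, so the wrapper shell is not replaced and remains the parent of both processes. Either drop `exec` or restructure the command so the intent is clear. This wrapper also calls `/usr/bin/aa_log_extract_tokens.sh` by absolute path while the test script relies on `PATH` lookup; using one form in both callers would be more consistent.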