diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py
--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py 2009-08-18 15:21:13.000000000 -0400
@@ -23,6 +23,27 @@
# Convenience functions
+def get_audit_boot_msgs():
+ """Obtain all of the avc and policy load messages from the audit
+ log. This function uses ausearch and requires that the current
+ process have sufficient rights to run ausearch.
+
+ Returns:
+ string contain all of the audit messages returned by ausearch.
+ """
+ import subprocess
+ import time
+ fd=open("/proc/uptime", "r")
+ off=float(fd.read().split()[0])
+ fd.close
+ s = time.localtime(time.time() - off)
+ date = time.strftime("%D/%Y", s).split("/")
+ bootdate="%s/%s/%s" % (date[0], date[1], date[3])
+ boottime = time.strftime("%X", s)
+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
def get_audit_msgs():
"""Obtain all of the avc and policy load messages from the audit
log. This function uses ausearch and requires that the current
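Review bot: In `get_audit_boot_msgs`, `fd.close` is missing its parentheses, so the method is looked up but never called and `/proc/uptime` stays open until the object is collected; it should read `fd.close()`. The boot date is built from `%D`, which is always month/day/year, while the time uses the locale-dependent `%X`, and ausearch reads `-ts` according to the regional settings, so on a non-US locale the start time may be rejected or misread; `bootdate = time.strftime("%x", s)` would keep both halves consistent. The exit status and stderr of ausearch are also dropped, so a caller cannot tell "no denials since boot" from "ausearch failed or lacked permission", which matters if this output is what policy generation is based on.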
@@ -47,6 +68,17 @@
stdout=subprocess.PIPE).communicate()[0]
return output
+def get_log_msgs():
+ """Obtain all of the avc and policy load messages from /var/log/messages.
+
+ Returns:
+ string contain all of the audit messages returned by /var/log/messages.
+ """
+ import subprocess
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
# Classes representing audit messages
class AuditMessage:
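Review bot: The docstring of `get_log_msgs` promises avc and policy load messages, but the command is a case-sensitive `grep avc`, so policy-load lines that lack that substring are left out and any unrelated line that happens to contain it is returned. Either narrow the summary to something like `Obtain all lines containing "avc" from /var/log/messages.` or widen the pattern to match what is documented. The docstring should also say that /var/log/messages is general syslog output rather than the audit log, so its lines deserve less trust than ausearch records and anything derived from them should be reviewed before use. grep's exit status is ignored, so a missing or unreadable file yields the same empty string as a file with no matches.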
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py 2009-08-13 17:57:55.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []
support_macros = None
- blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
+ blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
for dirpath, dirnames, filenames in os.walk(root):
for name in filenames:
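Review bot: The new `blacklist` in `list_headers` has no comment saying why each interface file is skipped, and this change drops `init.if` and `inetd.if` from it while adding `unconfined.if` without recording a reason. A short comment above the list, for example `# interface files skipped when listing headers; note the reason for each entry`, would let a reviewer judge whether re-admitting the init and inetd interfaces is intended, since they presumably then become inputs to whatever consumes the header list. The rest of `list_headers` lies outside the hunk, so how the list is applied cannot be confirmed from here.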