audit2allow – generate SELinux policy allow rules from logs of denied operations.
Running:
yum provides audit2allow
As you may know, to install that package run:
yum install policycoreutils-python
The following example demonstrates using audit2allow to create a policy module.
Run the audit2allow -a command to view the Type Enforcement rule that allows the denied access.
To use the rule displayed by audit2allow -a, run the audit2allow -a -M mycertwatch command as the Linux root user to create custom module. The -M option creates a Type Enforcement file (.te) with the name specified with -M, in your current working directory.
Also, audit2allow compiles the Type Enforcement rule into a policy package (.pp). To install the module, run the semodule -i mycertwatch.pp command as the Linux root user.
grep command to narrow down the input for audit2allow. The following example demonstrates using grep to only send denials related to certwatch through audit2allow:~]#grep certwatch /var/log/audit/audit.log | audit2allow -M mycertwatch2******************** IMPORTANT *********************** To make this policy package active, execute: ~]#semodule -i mycertwatch2.pp