audit2allow is a command-line tool on Linux systems that reads the audit log written by the kernel audit subsystem and turns SELinux denials (AVC messages) into SELinux policy rules that would allow the denied actions. SELinux (Security-Enhanced Linux) is a mandatory access control mechanism implemented in the Linux kernel.
When SELinux denies an action, it records an audit log entry describing the denial: the source and target security contexts, the object class, and the permissions that were refused. audit2allow analyzes these entries and generates the policy rules that would permit the denied access. Because the generated rules grant exactly what was denied, they should be reviewed before they are loaded; a denial often points to a mislabeled file or a misconfigured service rather than a gap in the policy, and allowing it blindly weakens the policy.
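To make the transformation concrete, the following added example (written for this page, not the audit2allow source) parses constructed AVC denial records of the kind found in /var/log/audit/audit.log, groups the refused permissions by (source type, target type, object class), and renders them as type-enforcement allow rules inside a minimal policy module with a require block, which is the shape audit2allow produces with -m and -r. The log lines, the module name and the helper function names are all assumptions made for the example.

```python
"""Minimal re-implementation of the core step audit2allow performs.

Added example, not the audit2allow source: it parses 'avc: denied' records,
groups them into allow rules keyed by (source type, target type, object class),
and wraps them in a loadable TE module. All sample data below is constructed.
"""
import re
from collections import defaultdict

# Constructed sample audit records (not captured from a real system).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="app.log" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.456:457): avc:  denied  { write open } for  pid=1234 comm="httpd" name="app.log" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.789:458): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000002.789:458): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
"""

# Matches the permission set and the three fields a TE rule is built from.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Extract the type field from a user:role:type[:level] security context."""
    return context.split(":")[2]


def parse_denials(log_text):
    """Return {(source_type, target_type, tclass): set(permissions)} for every AVC denial."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, CWD, PATH and similar records carry no denial by themselves
        key = (selinux_type(m.group("scontext")),
               selinux_type(m.group("tcontext")),
               m.group("tclass"))
        rules[key].update(m.group("perms").split())
    return rules


def to_allow_rules(rules):
    """Render the grouped denials as TE allow rules, sorted so output is stable."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        perm_str = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_str = "{ " + perm_str + " }"
        lines.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return lines


def to_module(rules, name="local_example"):
    """Wrap the rules in a loadable TE module with the require block that -m/-r would add."""
    types = sorted({t for (src, tgt, _) in rules for t in (src, tgt)})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls].update(perms)
    body = [f"module {name} 1.0;", "", "require {"]
    body += [f"\ttype {t};" for t in types]
    body += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    body += ["}", ""]
    body += to_allow_rules(rules)
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    print(to_module(parse_denials(SAMPLE_AUDIT_LOG)))
```

Run against the constructed records, the script emits one rule allowing httpd_t to connect to postgresql_port_t and one collapsing the three file denials into a single `allow httpd_t var_log_t:file { open read write };`. That second rule is the kind a reviewer should question: a web server writing into files labeled var_log_t usually means the application's log directory is labeled incorrectly, and relabeling it is the better fix than widening the policy.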
In Ubuntu, you can install audit2allow with the following command:
$ sudo apt install policycoreutils-python-utils
Once the installation is complete, you can confirm that the audit2allow command is available:
$ which audit2allow
/usr/bin/audit2allow
$ audit2allow --help
Usage: audit2allow [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -b, --boot            audit messages since last boot conflicts with -i
  -a, --all             read input from audit log - conflicts with -i
  -p POLICY, --policy=POLICY
                        Policy file to use for analysis
  -d, --dmesg           read input from dmesg - conflicts with --all and --input
  -i INPUT, --input=INPUT
                        read input from <input> - conflicts with -a
  -l, --lastreload      read input only after the last reload
  -r, --requires        generate require statements for rules
  -m MODULE, --module=MODULE
                        set the module name - implies --requires
  -M MODULE_PACKAGE, --module-package=MODULE_PACKAGE
                        generate a module package - conflicts with -o and -m
  -o OUTPUT, --output=OUTPUT
                        append output to <output>, conflicts with -M
  -D, --dontaudit       generate policy with dontaudit rules
  -R, --reference       generate refpolicy style output
  -N, --noreference     do not generate refpolicy style output
  -v, --verbose         explain generated output
  -e, --explain         fully explain generated output
  -t TYPE, --type=TYPE  only process messages with a type that matches this regex
  --perm-map=PERM_MAP   file name of perm map
  --interface-info=INTERFACE_INFO
                        file name of interface information
  -x, --xperms          generate extended permission rules
  --debug               leave generated modules for -M
  -w, --why             Translates SELinux audit messages into a description of why the access was denied