From 0d20ac469645882fba1f4f83d7d72d3ad0a714e9 Mon Sep 17 00:00:00 2001
From: Wes Hayutin
Date: Fri, 11 Sep 2020 07:17:35 -0600
Subject: [PATCH] use sova to check for selinux denials
sova is already parsing logs for common errors. Should be an easy win to flag selinux denials
Change-Id: I5afd3998cce051905f7a972089230003a0a59d87
---
 tasks/sova.yml | 1 +
 vars/sova-patterns.yml | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/tasks/sova.yml b/tasks/sova.yml
index 71fddc8..1a68157 100644
--- a/tasks/sova.yml
+++ b/tasks/sova.yml
@@ -13,5 +13,6 @@
 "ironic-conductor": "/var/log/containers/ironic/ironic-conductor.log"
 syslog: "/var/log/journal.txt"
 logstash: "/var/log/extra/logstash.txt"
+ selinux: "/var/log/extra/denials.txt"
 result: "{{ ansible_user_dir }}/workspace/logs/failures_file"
 result_file_dir: "{{ ansible_user_dir }}/workspace/logs"
diff --git a/vars/sova-patterns.yml b/vars/sova-patterns.yml
index 52b6de1..3e8ae8e 100644
--- a/vars/sova-patterns.yml
+++ b/vars/sova-patterns.yml
@@ -775,3 +775,9 @@ patterns:
 msg: 'Introspection failed, cannot get IP address'
 tag: 'infra'
 pattern: 'socket.error: [Errno 99] Cannot assign requested address'
+ "selinux":
+ - id: 700
+ logstash: 'denied'
+ msg: 'selinux denials found'
+ tag: 'code'
+ pattern: 'denied'
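Review bot: The new `"selinux"` entry in vars/sova-patterns.yml matches on the bare word `denied`, so any line in `/var/log/extra/denials.txt` containing that word is reported as an SELinux denial, whether or not it is an AVC record. If sova compiles `pattern` as a regular expression (not visible in this hunk), anchoring on the audit record form, for example `pattern: 'avc:\s+denied'`, would tie the `selinux denials found` message to real denials. The companion hunk in tasks/sova.yml only adds the path; nothing here shows what writes denials.txt or what sova does when the file is missing, so confirm that an absent file is not read as "no denials". A one-line comment above the entry, such as `# denials.txt is expected to hold audit output already filtered for AVC messages`, would record that assumption. The `patterns:` mapping starts outside the hunk, so the uniqueness of `id: 700` cannot be checked from here.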