Merge "add sealert diagosis of selinux errors"

2021-04-27 05:30:56 +00:00 · 2021-04-27 05:30:56 +00:00 · 3b46f036ff
parent 04302378a6 b4aa76a819
commit 3b46f036ff
2 changed files with 11 additions and 1 deletions
--- a/roles/collect_logs/defaults/main.yml
+++ b/roles/collect_logs/defaults/main.yml
@ -284,9 +284,12 @@ artcl_commands:
      cmd: |
        systemctl list-units --full --all
        systemctl status "*"
-    denials:
+    selinux_denials:
      cmd: >
        grep -i denied /var/log/audit/audit*
+    selinux_denials_detail:
+      cmd: >
+        sealert -a /var/log/extra/selinux_denials.txt
    seqfaults:
      cmd: >
        grep -v ansible-command /var/log/messages | grep segfault
--- a/roles/collect_logs/tasks/collect.yml
+++ b/roles/collect_logs/tasks/collect.yml
@ -27,6 +27,13 @@
        data: "{{ combined_cmds | dict2items|selectattr('key', 'in', collect_log_types) | list | items2dict }}"
      register: artcl_commands_flatten

+    - name: install setools
+      ansible.builtin.package:
+        name:
+          - setools
+          - setroubleshoot
+        state: present
+
    - name: Run artcl_commands
      # noqa 305
      # noqa 102 :: No Jinja2 in when