add sealert diagosis of selinux errors

Change-Id: I698ffb89477a7bca29a83ad943816c0c30d0d3f5
This commit is contained in:
Wes Hayutin 2021-04-21 08:30:53 -06:00 committed by wes hayutin
parent a89834e557
commit b4aa76a819
2 changed files with 11 additions and 1 deletions

View File

@ -281,9 +281,12 @@ artcl_commands:
cmd: | cmd: |
systemctl list-units --full --all systemctl list-units --full --all
systemctl status "*" systemctl status "*"
denials: selinux_denials:
cmd: > cmd: >
grep -i denied /var/log/audit/audit* grep -i denied /var/log/audit/audit*
selinux_denials_detail:
cmd: >
sealert -a /var/log/extra/selinux_denials.txt
seqfaults: seqfaults:
cmd: > cmd: >
grep -v ansible-command /var/log/messages | grep segfault grep -v ansible-command /var/log/messages | grep segfault

View File

@ -27,6 +27,13 @@
data: "{{ combined_cmds | dict2items|selectattr('key', 'in', collect_log_types) | list | items2dict }}" data: "{{ combined_cmds | dict2items|selectattr('key', 'in', collect_log_types) | list | items2dict }}"
register: artcl_commands_flatten register: artcl_commands_flatten
- name: install setools
ansible.builtin.package:
name:
- setools
- setroubleshoot
state: present
- name: Run artcl_commands - name: Run artcl_commands
# noqa 305 # noqa 305
# noqa 102 :: No Jinja2 in when # noqa 102 :: No Jinja2 in when