felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: update aa-log man page.

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-27 14:35:46 +02:00
parent 532676b421
commit 4bb57bed22
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 21 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

42
share/man/man8/aa-log.8
View file

@ -1,10 +1,10 @@
.\" Automatically generated by Pandoc 3.1.9
.\" Automatically generated by Pandoc 3.1.12.1
.\"
.TH "aa-log" "8" "September 2024" "" ""
.TH "aa\-log" "8" "September 2024" "" ""
.SH NAME
aa-log \[em] Review AppArmor generated messages in a colorful way.
aa\-log \[em] Review AppArmor generated messages in a colorful way.
.SH SYNOPSIS
\f[B]aa-log\f[R] [\f[I]options\&...\f[R]] [\f[I]profile\f[R]]
\f[B]aa\-log\f[R] [\f[I]options\&...\f[R]] [\f[I]profile\f[R]]
.SH DESCRIPTION
Review AppArmor generated messages in a colourful way.
Support logs from \f[I]auditd\f[R], \f[I]systemd\f[R], \f[I]syslog\f[R]
@ -13,48 +13,48 @@ as well as \f[I]dbus session\f[R] events.
It can be given an optional profile name to filter the output with.
.PP
It can be used to generate AppArmor rules from the logs and it therefore
an alternative to \f[CR]aa-logprof(8)\f[R].
an alternative to \f[CR]aa\-logprof(8)\f[R].
The generated rules should be manually reviewed and inserted into the
profile.
.PP
Default logs are read from \f[CR]/var/log/audit/audit.log\f[R].
Other files in \f[CR]/var/log/audit/\f[R] can easily be checked:
\f[B]aa-log -f 1\f[R] parses \f[CR]audit.log.1\f[R]
\f[B]aa\-log \-f 1\f[R] parses \f[CR]audit.log.1\f[R]
.SH OPTIONS
\f[B]aa-log\f[R] [\f[I]options\&...\f[R]] [\f[I]profile\f[R]]
\f[B]aa\-log\f[R] [\f[I]options\&...\f[R]] [\f[I]profile\f[R]]
.TP
[\f[I]profile\f[R]]
Optional profile name to filter the output with.
.TP
\f[CR]--file\f[R], \f[CR]-f\f[R]
\f[CR]\-\-file\f[R], \f[CR]\-f\f[R]
Set a logfile or a suffix to the default log file.
.TP
\f[CR]--systemd\f[R], \f[CR]-s\f[R]
\f[CR]\-\-systemd\f[R], \f[CR]\-s\f[R]
Parse systemd logs from journalctl.
Provides all AppArmor logs since the last boot.
.TP
\f[CR]--rules\f[R], \f[CR]-r\f[R]
\f[CR]\-\-rules\f[R], \f[CR]\-r\f[R]
Convert the log into AppArmor rules.
.TP
\f[CR]--raw\f[R], \f[CR]-R\f[R]
\f[CR]\-\-raw\f[R], \f[CR]\-R\f[R]
Print the raw log without any formatting.
Useful for reporting logs.
.TP
\f[CR]--help\f[R], \f[CR]-h\f[R]
\f[CR]\-\-help\f[R], \f[CR]\-h\f[R]
Print the program usage.
.SH USAGE
To read the AppArmor log from \f[CR]/var/log/audit/audit.log\f[R]:
.IP
.EX
aa-log
aa\-log
.EE
.PP
To optionally filter a given profile name:
\f[CR]aa-log <profile-name>\f[R] (your shell will autocomplete the
\f[CR]aa\-log <profile\-name>\f[R] (your shell will autocomplete the
profile name):
.IP
.EX
$ aa-log dnsmasq
$ aa\-log dnsmasq
DENIED dnsmasq open /proc/sys/kernel/osrelease comm=dnsmasq requested_mask=r denied_mask=r
DENIED dnsmasq open /proc/1/environ comm=dnsmasq requested_mask=r denied_mask=r
DENIED dnsmasq open /proc/cmdline comm=dnsmasq requested_mask=r denied_mask=r
@ -63,7 +63,7 @@ DENIED dnsmasq open /proc/cmdline comm=dnsmasq requested_mask=r denied_mask=r
To generate AppArmor rule:
.IP
.EX
$ aa-log -r dnsmasq
$ aa\-log \-r dnsmasq
profile dnsmasq {
\[at]{PROC}/\[at]{pid}/environ r,
\[at]{PROC}/cmdline r,
@ -71,9 +71,9 @@ profile dnsmasq {
}
.EE
.SH SEE ALSO
\f[CR]aa-logprof(8)\f[R], \f[CR]apparmor(7)\f[R],
\f[CR]apparmor.d(5)\f[R], \f[CR]aa-genprof(1)\f[R],
\f[CR]aa-enforce(1)\f[R], \f[CR]aa-complain(1)\f[R],
\f[CR]aa-disable(1)\f[R], and https://apparmor.pujol.io.
\f[CR]aa\-logprof(8)\f[R], \f[CR]apparmor(7)\f[R],
\f[CR]apparmor.d(5)\f[R], \f[CR]aa\-genprof(1)\f[R],
\f[CR]aa\-enforce(1)\f[R], \f[CR]aa\-complain(1)\f[R],
\f[CR]aa\-disable(1)\f[R], and https://apparmor.pujol.io.
.SH AUTHORS
aa-log was written by Alexandre Pujol (alexandre\[at]pujol.io).
aa\-log was written by Alexandre Pujol (alexandre\[at]pujol.io).