fix(aa-log): relax audit log format.

Alexandre Pujol 2022-09-06 17:49:40 +01:00
parent 746a36bfb4
commit 6c9122c617
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 6 additions and 4 deletions


@ -131,9 +131,9 @@ func getJournalctlDbusSessionLogs(file io.Reader, useFile bool) (io.Reader, erro
// NewApparmorLogs return a new ApparmorLogs list of map from a log file
func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
log := ""
exp := "apparmor=(\"DENIED\"|\"ALLOWED\"|\"AUDIT\")"
exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")`
if profile != "" {
exp = fmt.Sprintf(exp+".* (profile=\"%s.*\"|label=\"%s.*\")", profile, profile)
exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile)
}
isAppArmorLog := regexp.MustCompile(exp)
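Review bot: `profile` is still spliced into the pattern unescaped on the new `fmt.Sprintf` line, and the result goes straight to `regexp.MustCompile`, so the switch to raw strings changes the quoting but not this behaviour. A profile name containing regex metacharacters either widens the match (the `.` in a constructed name such as `foo.bar` matches any character) or, if it does not form a valid pattern, panics instead of reporting an error. If the argument is meant as a literal name prefix, which the trailing `.*` suggests, add `profile = regexp.QuoteMeta(profile)` before the `Sprintf`. If callers are expected to pass a regex on purpose, state that in the doc comment and compile with `regexp.Compile` so a bad pattern can be reported cleanly. The body of NewApparmorLogs continues past this hunk, so how `isAppArmorLog` is used is not visible here.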
@ -147,8 +147,8 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
}
// Clean logs
regex := regexp.MustCompile(`type=(USER_|)AVC msg=audit(.*): (pid=.*msg='|)apparmor`)
log = regex.ReplaceAllLiteralString(log, "apparmor")
regex := regexp.MustCompile(`.*apparmor="`)
log = regex.ReplaceAllLiteralString(log, `apparmor="`)
regexAppArmorLogs := map[*regexp.Regexp]string{
regexp.MustCompile(`(peer_|)pid=[0-9]* `): "",
regexp.MustCompile(` fsuid.*`): "",