Mass Deface Email Grabber
= 0: print("%s\n\tWas caused by:" % i.message) if rc == audit2why.ALLOW: print("\t\tUnknown - would be allowed by active policy") print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n") print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n") continue if rc == audit2why.DONTAUDIT: print("\t\tUnknown - should be dontaudit'd by active policy") print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n") print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n") continue if rc == audit2why.BOOLEAN: if len(data) > 1: print("\tOne of the following booleans was set incorrectly.") for b in data: print("\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])) else: print("\tThe boolean %s was set incorrectly. " % (data[0][0])) print("\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0])) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1])) continue if rc == audit2why.TERULE: print("\t\tMissing type enforcement (TE) allow rule.\n") print("\t\tYou can use audit2allow to generate a loadable module to allow this access.\n") continue if rc == audit2why.CONSTRAINT: print() # !!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" print("#Constraint rule:") print("\n#\t" + data[0]) for reason in data[1:]: print("#\tPossible cause is the source %s and target %s are different.\n" % reason) if rc == audit2why.RBAC: print("\t\tMissing role allow rule.\n") print("\t\tAdd an allow rule for the role pair.\n") continue audit2why.finish() return def __output(self): if self.__options.audit2why: try: return self.__output_audit2why() except RuntimeError as e: print(e) sys.exit(1) g = policygen.PolicyGenerator() g.set_gen_dontaudit(self.__options.dontaudit) if self.__options.module: g.set_module_name(self.__options.module) # Interface generation if self.__options.refpolicy: ifs, perm_maps = self.__load_interface_info() g.set_gen_refpol(ifs, perm_maps) # Explanation if self.__options.verbose: g.set_gen_explain(policygen.SHORT_EXPLANATION) if self.__options.explain_long: g.set_gen_explain(policygen.LONG_EXPLANATION) # Requires if self.__options.requires: g.set_gen_requires(True) # Generate the policy g.add_access(self.__avs) g.add_role_types(self.__role_types) # Output writer = output.ModuleWriter() # Module package if self.__options.module_package: self.__output_modulepackage(writer, g) else: # File or stdout if self.__options.module: g.set_module_name(self.__options.module) if self.__options.output: fd = open(self.__options.output, "a") else: fd = sys.stdout writer.write(g.get_module(), fd) def main(self): try: self.__parse_options() if self.__options.policy: audit2why.init(self.__options.policy) else: audit2why.init() self.__read_input() self.__process_input() self.__output() except KeyboardInterrupt: sys.exit(0) except ValueError as e: print(e) sys.exit(1) except IOError as e: print(e) sys.exit(1) if __name__ == "__main__": app = AuditToPolicy() app.main()