concatenante log learning files

Submit your RBAC policies or suggest policy improvements

concatenante log learning files

Postby rom2mars » Fri Feb 14, 2014 8:48 am

Hello,

is it possible to concatenate two learning log files to make the policy?




Example:

1)
Code: Select all
gradm -F -L /etc/grsec/learning01.log
gradm -D
gradm -F -L /etc/grsec/learning01.log -O /etc/grsec/policy


2) (few weeks later)
Code: Select all
gradm -F -L /etc/grsec/learning02.log
gradm -D
cat learning01.log learning02.log > new_learning.log # I don't want lose the old learning file
gradm -F -L /etc/grsec/new_learning.log -O /etc/grsec/policy



Do I use the good way, to make a full learning increasing little by little?



Sorry for my bad english,

Thanks in advance,

Best regards,
Romain
rom2mars
 
Posts: 16
Joined: Fri Feb 07, 2014 10:52 am

Re: concatenante log learning files

Postby spender » Sat Feb 15, 2014 3:06 pm

It's possible to do that, yes. Depending on the size of the log, it may be useful to sort -u the file before running the final policy generation command.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to RBAC policy development

cron