From 2fafd6afb3282f250a41c71d742e02d013840802 Mon Sep 17 00:00:00 2001 From: Stanley Chinedu Ogada <102979724+stanleyogada@users.noreply.github.com> Date: Sun, 8 Sep 2024 13:57:12 +0100 Subject: [PATCH] audit2allow: add page (#13612) * audit2allow: add page * audit2allow: fix man page link * audit2allow: add a caution note and separate the install example --------- Co-authored-by: Wiktor Perskawiec --- pages/linux/audit2allow.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 pages/linux/audit2allow.md diff --git a/pages/linux/audit2allow.md b/pages/linux/audit2allow.md new file mode 100644 index 000000000..d5abbdb44 --- /dev/null +++ b/pages/linux/audit2allow.md @@ -0,0 +1,21 @@ +# audit2allow + +> Create an SELinux local policy module to allow rules based on denied operations found in logs. +> Note: Use audit2allow with caution—always review the generated policy before applying it, as it may allow excessive access. +> More information: . + +- Generate a local policy to allow access for all denied services: + +`sudo audit2allow --all -M {{local_policy_name}}` + +- Generate a local policy module to grant access to a specific process/service/command from the audit logs: + +`sudo grep {{apache2}} /var/log/audit/audit.log | sudo audit2allow -M {{local_policy_name}}` + +- Inspect and review the Type Enforcement (.te) file for a local policy: + +`vim {{local_policy_name}}.te` + +- Install a local policy module: + +`sudo semodule -i {{local_policy_name}}.pp`
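Review bot: The second example, `sudo grep {{apache2}} /var/log/audit/audit.log | sudo audit2allow -M {{local_policy_name}}`, selects by plain substring, so every audit line containing that string is fed to audit2allow, not only the denials caused by that process. The resulting module can allow more than the description "a specific process/service/command" suggests. Consider selecting AVC records by command name instead, for example with `ausearch -m avc -c {{command}}` piped into audit2allow, or rewording the description to say it matches any log line containing the string. The first example has the same breadth problem by design (`--all` turns every logged denial into an allow rule), so it would help to repeat in its description that the output must be reviewed, since the caution currently lives only in the header note. The "More information" line also appears here without a link target; please confirm the URL is present in the committed file.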