avc_av_stats - Linux

Overview

avc_av_stats is an SELinux command that provides detailed information about the security status of a system. It analyzes the AVC (Access Vector Cache) cache and presents statistics related to permissions granted and denied by SELinux.

Syntax

avc_av_stats [options]

Options/Flags

• -l, –labels: List labels that were used in the AVC cache during the given time period.
• -t, –time: Specify a time range in milliseconds to filter the statistics. The default range is the time since the system was last booted.
• -c, –cleared: Display statistics for AVC denials that have been cleared.
• -y, –raw: Output raw data instead of summarized statistics.
• -h, –help: Display help information.

Examples

• Display AVC cache statistics for the last 10 minutes:

avc_av_stats -t 600000

• List labels used in the AVC cache:

avc_av_stats -l

• Display raw data without summarization:

avc_av_stats -y

Common Issues

• If the command does not return any results, it could indicate that SELinux is not enabled or that there have been no recent AVC events.
• Raw data output can be complex and difficult to interpret. Use the -l and -t options to filter the data for easier analysis.

Integration

• ausearch: Use ausearch -m avc to extract audit records related to AVC events.
• grep: Filter raw output from avc_av_stats -y to find specific patterns.
• scripts: Create scripts that monitor and report on AVC statistics for security analysis.

Related Commands

• audit2allow: Generates SELinux policy to allow previously denied AVC requests.
• ausearch: Searches security audit logs.
• semanage: Manages SELinux settings and policies.