avc_av_stats - Linux
Overview
avc_av_stats is an SELinux command that provides detailed information about the security status of a system. It analyzes the AVC (Access Vector Cache) and presents statistics related to permissions granted and denied by SELinux.
Syntax
avc_av_stats [options]
Options/Flags
- -l, --labels: List labels that were used in the AVC cache during the given time period.
- -t, --time: Specify a time range in milliseconds to filter the statistics. The default range is the time since the system was last booted.
- -c, --cleared: Display statistics for AVC denials that have been cleared.
- -y, --raw: Output raw data instead of summarized statistics.
- -h, --help: Display help information.
Examples
- Display AVC cache statistics for the last 10 minutes:
avc_av_stats -t 600000
- List labels used in the AVC cache:
avc_av_stats -l
- Display raw data without summarization:
avc_av_stats -y
Common Issues
- If the command does not return any results, it could indicate that SELinux is not enabled or that there have been no recent AVC events.
- Raw data output can be complex and difficult to interpret. Use the -l and -t options to filter the data for easier analysis.
Integration
- ausearch: Use ausearch -m avc to extract audit records related to AVC events.
- grep: Filter raw output from avc_av_stats -y to find specific patterns.
- scripts: Create scripts that monitor and report on AVC statistics for security analysis.
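The reporting script idea from the Integration list, as an added example that is not part of the original page: it parses AVC records in the format that ausearch -m avc prints and tallies denials by source type, target type, object class and permission, keeping enforced denials apart from those only logged in permissive mode. The sample records are constructed, and the names parse_avc and summarize are hypothetical.

```python
# Added example; parse_avc/summarize are illustrative names, not an existing tool.
import re
from collections import Counter

# Constructed sample in the format printed by `ausearch -m avc` (not real data).
SAMPLE = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.552:411): avc:  denied  { read open } for  pid=2101 comm="httpd" path="/home/a/site/app.css" dev="dm-0" ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000010.007:415): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000012.300:416): avc:  granted  { setenforce } for  pid=900 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=SYSCALL msg=audit(1700000012.300:416): arch=c000003e syscall=1 success=yes exit=1
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m["rest"])}
    rec["result"] = m["result"]
    rec["perms"] = m["perms"].split()
    return rec

def _type(context):
    # SELinux contexts are user:role:type[:level]; the type drives TE decisions.
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    denials, permissive = Counter(), Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        if rec["result"] != "denied" or "scontext" not in rec or "tcontext" not in rec:
            continue
        for perm in rec["perms"]:
            key = (_type(rec["scontext"]), _type(rec["tcontext"]), rec.get("tclass", "?"), perm)
            # permissive=1 means the access was logged but not blocked.
            (permissive if rec.get("permissive") == "1" else denials)[key] += 1
    return denials, permissive

if __name__ == "__main__":
    enforced, logged_only = summarize(SAMPLE)
    for label, table in (("blocked", enforced), ("logged", logged_only)):
        for (src, tgt, cls, perm), n in table.most_common():
            print(f"{n:3d} {label:7s} {src} -> {tgt}:{cls} {{{perm}}}")
```

On a live system, summarize can be given the text output of ausearch -m avc instead of the constructed sample.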
Related Commands
- audit2allow: Generates SELinux policy to allow previously denied AVC requests.
- ausearch: Searches security audit logs.
- semanage: Manages SELinux settings and policies.