在 的输出中sealert
,应如何评估插件置信度?
最高值应该意味着最推荐的操作。但是,它们是用百分比表示的吗?它们是如何计算的?
[root@mybox ~]# sealert -a /var/log/audit/audit.log
100% done
found 4 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------
SELinux is preventing snapd from search access on the directory /var/lib/snapd/snap/certbot/652.
***** Plugin restorecon (54.2 confidence) suggests ************************
If you want to fix the label.
/var/lib/snapd/snap/certbot/652 default label should be snappy_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/lib/snapd/snap/certbot/652
***** Plugin file (16.6 confidence) suggests ******************************
This is caused by a newly created file system.
Then you need to add labels to it.
Do
/sbin/restorecon -R -v /var/lib/snapd/snap/certbot/652
***** Plugin file (16.6 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
(...)