CompTIA Linux+ (XK0-004) — Question 118
A Linux administrator is helping the security team troubleshoot an SELinux policy violation incident. Which of the following would be the BEST utility command to display SELinux violation and AVC denial messages?
Answer options
- A. journalctl | grep sealert
- B. sealert -a /var/log/audit/audit.log
- C. aureport | grep AVC
- D. cat /var/log/messages | grep selinux
Correct answer: B
Explanation
The correct answer is B because the 'sealert' command is specifically designed to analyze SELinux alerts and provide detailed information about violations from the audit log. Options A, C, and D do not directly focus on SELinux alerts, making them less effective for this specific troubleshooting task.