In the output of `sealert`, how should one evaluate plugin confidence levels?
The highest value should mean the most recommended action. However, are they expressed in percent? How are they calculated?
```
[root@mybox ~]# sealert -a /var/log/audit/audit.log
100% done
found 4 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------
SELinux is preventing snapd from search access on the directory /var/lib/snapd/snap/certbot/652.
***** Plugin restorecon (54.2 confidence) suggests ************************
If you want to fix the label.
/var/lib/snapd/snap/certbot/652 default label should be snappy_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
/sbin/restorecon -v /var/lib/snapd/snap/certbot/652
***** Plugin file (16.6 confidence) suggests ******************************
This is caused by a newly created file system.
Then you need to add labels to it.
Do
/sbin/restorecon -R -v /var/lib/snapd/snap/certbot/652
***** Plugin file (16.6 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
(...)
```
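An added example, not part of the original question and not setroubleshoot's own code: a parser for the plugin blocks in the output above that lists each suggested command by its reported confidence, so the least disruptive and most disruptive fixes can be compared side by side. It treats the number as an opaque score and assumes nothing about its scale; `Suggestion`, `parse_suggestions` and `rank` are hypothetical names, and the sample is abridged from the output quoted above.

```python
import re
from typing import NamedTuple

# Header as printed above: "***** Plugin restorecon (54.2 confidence) suggests ****"
HEADER = re.compile(r"^\*+\s+Plugin (\S+) \(([\d.]+) confidence\) suggests\s+\*+$")
ALERT_SEP = re.compile(r"^-{20,}$")  # dashed rule that opens each alert

class Suggestion(NamedTuple):
    plugin: str
    confidence: float  # kept as an opaque score; no scale is assumed
    command: str       # the line that follows "Do", or "" if there is none

def parse_suggestions(text):
    """Return every plugin suggestion in sealert output, in file order."""
    blocks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = (m.group(1), float(m.group(2)), [])
            blocks.append(current)
        elif ALERT_SEP.match(line):
            current = None  # next alert begins: stop collecting body lines
        elif current is not None and line:
            current[2].append(line)
    return [Suggestion(plugin, conf, body[body.index("Do") + 1] if "Do" in body[:-1] else "")
            for plugin, conf, body in blocks]

def rank(suggestions):
    # Highest reported confidence first; sorted() is stable, so ties keep file order.
    return sorted(suggestions, key=lambda s: -s.confidence)

# Abridged from the sealert output in the question above.
SAMPLE = """\
--------------------------------------------------------------------------------
SELinux is preventing snapd from search access on the directory /var/lib/snapd/snap/certbot/652.
***** Plugin restorecon (54.2 confidence) suggests ************************
If you want to fix the label.
Do
/sbin/restorecon -v /var/lib/snapd/snap/certbot/652
***** Plugin file (16.6 confidence) suggests ******************************
Do
/sbin/restorecon -R -v /var/lib/snapd/snap/certbot/652
***** Plugin file (16.6 confidence) suggests ******************************
Do
touch /.autorelabel; reboot
"""

if __name__ == "__main__":
    print(*rank(parse_suggestions(SAMPLE)), sep="\n")
```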