I have a bash script running every 5 minutes in cron that basically runs some commands like: mkdir, top, grep, date, wait, sleep, jstack. It runs as user bob.
It generates a lot of logs and I want to filter it out from auditd. This script has to run as user bob, so I cannot create a new user for this script specifically and filter by the user. I also want to keep other logs generated by bob. I have tried to change the SELinux policy for a custom-made policy and unfilter it by specifying this policy in auditd rules. It works fine; however, many more logs are now generated due to SELinux denials. I have adjusted the policy further with the info I got from audit logs; however, it finds another context needed almost every day.
My question is: how can I make a custom policy that allows pretty much everything but labels it as, let's say, test_script_t to filter it out? I do not want to turn off SELinux, but I want to lower the amount of logs.