On Tue, 24 May 2005 10:47:12 EDT, Stephen Smalley said: > On Sun, 2005-05-22 at 21:53 -0400, Valdis.Kletnieks@xxxxxx wrote: > > Am I the only one here who thinks that this is really something that can't > > be supported in the context of the 'targeted' policy, and would be much > > easier to do in 'strict'? > > It shouldn't be done at all, other than to dontaudit these attempts. No > legitimate reason for a CGI script to be probing init's /proc/pid files. I've always been leery of using dontaudit to shut things up - it means that there's a possibility that we miss the early warning signs of an actual attack. I wonder if the cgi script is just doing something like 'ps ax|grep mydaemon' to see if a daemon is running...
Attachment:
pgpMKjxRu0Uql.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
