Valdis.Kletnieks@xxxxxx wrote:
On Tue, 24 May 2005 10:47:12 EDT, Stephen Smalley said:
On Sun, 2005-05-22 at 21:53 -0400, Valdis.Kletnieks@xxxxxx wrote:
Am I the only one here who thinks that this is really something that can't
be supported in the context of the 'targeted' policy, and would be much
easier to do in 'strict'?
It shouldn't be done at all, other than to dontaudit these attempts. No
legitimate reason for a CGI script to be probing init's /proc/pid files.
I've always been leery of using dontaudit to shut things up - it means that there's
a possibility that we miss the early warning signs of an actual attack.
I wonder if the cgi script is just doing something like 'ps ax|grep mydaemon'
to see if a daemon is running...
kill5 and pidof can also cause these to happen.
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
