How to solve these audit messages

Hi, 

I want to ask about 2 strange audit messages. The messages are these:

Nov  5 14:14:24 asgard kernel: audit(1194268464.097:309): avc:  denied
{ search } for  pid=22933 comm="sh" name="src" dev=dm-0 ino=5244065
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:src_t:s0
tclass=dir
Nov  5 14:14:24 asgard kernel: audit(1194268464.124:310): avc:  denied
{ getattr } for  pid=22933 comm="sh" name="SPECS" dev=dm-0 ino=5865755
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:src_t:s0
tclass=dir

I don't know why sh would try to do something in /usr/src
and /usr/src/redhat/SPEC.

We have not set up any script whose task is to do something in these
directories. Is it possible that this is some hack attack? Also, I see that
the scontext is this: scontext=root:system_r:httpd_t:s0. Is it possible to
find out where the file is that tries to use "sh"?

Also the audits:

Nov  5 12:03:07 casamerica kernel: audit(1194260587.185:40): avc:
denied  { read write } for  pid=26690 comm="listinfo" name="" dev=sockfs
ino=1414447 scontext=system_u:system_r:mailman_cgi_t:s0
tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket

I have some similar messages related to mailman. What is the best
thing I can do to solve these messages?

Thanks in advance!

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
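
Added example, not part of the original message: a small Python parser for the AVC denial format quoted above, which groups denials by source type, target type and object class so that related records can be triaged together. The function names and the rejoined sample lines are constructed for this illustration.

```python
import re
from collections import defaultdict

# The three denial records quoted in the message, each rejoined onto one line.
SAMPLE = [
    'Nov  5 14:14:24 asgard kernel: audit(1194268464.097:309): avc:  denied { search } for  pid=22933 comm="sh" name="src" dev=dm-0 ino=5244065 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:src_t:s0 tclass=dir',
    'Nov  5 14:14:24 asgard kernel: audit(1194268464.124:310): avc:  denied { getattr } for  pid=22933 comm="sh" name="SPECS" dev=dm-0 ino=5865755 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:src_t:s0 tclass=dir',
    'Nov  5 12:03:07 casamerica kernel: audit(1194260587.185:40): avc: denied  { read write } for  pid=26690 comm="listinfo" name="" dev=sockfs ino=1414447 scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=unix_stream_socket',
]

# Header: audit(<epoch>.<ms>:<serial>): avc: denied { perms } for key=value ...
AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
# key=value pairs; values may be quoted (and empty, as in name="")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record, nothing to classify
    rec['serial'] = int(m.group('serial'))
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the type field is what policy rules match on.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def summarize(lines):
    """Map (source_type, target_type, tclass) -> sorted list of denied permissions."""
    groups = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is not None:
            key = (rec['source_type'], rec['target_type'], rec['tclass'])
            groups[key].update(rec['perms'])
    return {key: sorted(perms) for key, perms in groups.items()}


if __name__ == '__main__':
    for key, perms in summarize(SAMPLE).items():
        print(key, perms)
```

On the records above this yields two groups: httpd_t denied search and getattr on src_t directories, and mailman_cgi_t denied read and write on an httpd_t unix_stream_socket.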
