Last night I had a users website hacked. The hacker then tried to use httpd to access /etc files and directorys, as well as the root directory. SELinux saved my system. I need to make a complaint to the ISP who is providing for this offender. I have http access logs and error logs but they don't show very much. Other then access which was valid (well, not valid) and 2 entries in the error log. Is there a way I can correlate the AVC denials with the malious attacker? The AVC messages do not have time stamps or IP addresses attached to them. Thank you for your assistance, and for SELinux! Kristen -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
