Re: Help with AVC messages

On Wed, Sep 10, 2008 at 02:15:50PM -0800, Kristen R wrote:
> Last night I had a user's website hacked. The hacker then tried to use httpd to 
> access /etc files and directories, as well as the root directory. SELinux 
> saved my system.

Excellent!

> I need to make a complaint to the ISP who is providing for this offender. I 
> have http access logs and error logs but they don't show very much. Other 
> than access which was valid (well, not valid) and 2 entries in the error log. 
> Is there a way I can correlate the AVC denials with the malicious attacker? The 
> AVC messages do not have time stamps or IP addresses attached to them.

There are timestamps on the AVCs, but they are encoded as 
time-since-UNIX-epoch in seconds.  You can convert them to human 
readable and also narrow down the results with ausearch.

All results, human readable:

ausearch -i

Other options are documented in ausearch(8)

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
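
The correlation asked about in the thread, as an added example that is not part of the original messages: it decodes the epoch timestamp inside each AVC record's msg=audit(...) field and lists the access-log requests made within a few seconds of each httpd denial. The log lines, IP addresses, function names and the 2-second window are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the original post).
AUDIT_LOG = """\
type=AVC msg=audit(1221084950.512:8841): avc:  denied  { read } for  pid=2817 comm="httpd" name="shadow" dev=dm-0 ino=98312 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1221084953.104:8842): avc:  denied  { search } for  pid=2817 comm="httpd" name="root" dev=dm-0 ino=65537 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1221090000.000:8900): avc:  denied  { read } for  pid=3001 comm="sendmail" name="aliases" dev=dm-0 ino=77 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""
ACCESS_LOG = """\
192.0.2.10 - - [10/Sep/2008:22:10:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.23 - - [10/Sep/2008:22:15:50 +0000] "GET /~user/gallery/view.php HTTP/1.1" 200 1843
198.51.100.23 - - [10/Sep/2008:22:15:53 +0000] "POST /~user/gallery/view.php HTTP/1.1" 200 97
192.0.2.10 - - [10/Sep/2008:22:40:00 +0000] "GET /index.html HTTP/1.1" 200 512
"""

AVC_RE = re.compile(r'type=AVC msg=audit\((\d+)\.(\d{3}):(\d+)\):.*?comm="([^"]+)" name="([^"]+)"')
HIT_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

def parse_avcs(text, comm="httpd"):
    """Yield (utc_time, serial, name) for AVC records from the given command."""
    for m in AVC_RE.finditer(text):
        secs, msec, serial, c, name = m.groups()
        if c == comm:
            # audit(SECONDS.MILLISECONDS:SERIAL); seconds count from the UNIX epoch, UTC.
            t = datetime.fromtimestamp(int(secs), tz=timezone.utc) + timedelta(milliseconds=int(msec))
            yield t, int(serial), name

def parse_hits(text):
    """Yield (time, client_ip, request_line) from combined-format access log lines."""
    for line in text.splitlines():
        m = HIT_RE.match(line)
        if m:
            ip, stamp, request, _status = m.groups()
            # %z keeps the log's UTC offset, so comparison with audit times is exact.
            yield datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"), ip, request

def correlate(audit_text, access_text, window_s=2.0):
    """Map each httpd AVC serial to the requests logged within window_s seconds of it."""
    hits = list(parse_hits(access_text))
    out = {}
    for t, serial, name in parse_avcs(audit_text):
        near = [(ip, req) for ht, ip, req in hits if abs((ht - t).total_seconds()) <= window_s]
        out[serial] = {"time": t.isoformat(), "name": name, "requests": near}
    return out

if __name__ == "__main__":
    for serial, info in correlate(AUDIT_LOG, ACCESS_LOG).items():
        print(serial, info["time"], info["name"], info["requests"])
```

On a busy server several clients can fall inside the same window, so treat a match as a lead to check against the request itself, not as proof on its own.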
