On Wed, 10 Sep 2008, Kristen R wrote:

> Last night I had a user's website hacked. The hacker then tried to use httpd to
> access /etc files and directories, as well as the root directory. SELinux
> saved my system.
>
> I need to make a complaint to the ISP who is providing for this offender. I
> have http access logs and error logs but they don't show very much. Other
> than access which was valid (well, not valid) and 2 entries in the error log.
> Is there a way I can correlate the AVC denials with the malicious attacker? The
> AVC messages do not have time stamps or IP addresses attached to them.
>
> Thank you for your assistance, and for SELinux!

You should be able to find more detailed information in the audit log.

Try "ausearch -x httpd"

Any idea how they attacked the web server?

- James
-- 
James Morris
<jmorris@xxxxxxxxx>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
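
Added example, not part of the original thread: raw audit log records carry an epoch timestamp and serial number in `msg=audit(EPOCH.ms:SERIAL)`, which can be matched against web server access log entries to find which client's request preceded each httpd denial. The log lines, the 5-second window and all function names below are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample records (illustrative; not taken from the thread).
AUDIT_LOG = '''\
type=AVC msg=audit(1221041647.512:301): avc:  denied  { read } for  pid=2211 comm="httpd" name="shadow" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1221041650.020:302): avc:  denied  { getattr } for  pid=2211 comm="httpd" path="/root" dev=dm-0 ino=2 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1221045000.000:400): avc:  denied  { read } for  pid=3000 comm="sendmail" name="notes" dev=dm-0 ino=99 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
'''
ACCESS_LOG = '''\
198.51.100.7 - - [10/Sep/2008:06:00:00 -0400] "GET /index.html HTTP/1.1" 200 1043
203.0.113.45 - - [10/Sep/2008:06:14:06 -0400] "GET /~user/page.php HTTP/1.1" 200 512
'''

AVC_RE = re.compile(
    r'type=AVC msg=audit\((\d+\.\d+):(\d+)\).*?\{ ([^}]+) \}.*?comm="([^"]+)"')
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

def parse_avc(text, comm="httpd"):
    """Yield (epoch_seconds, serial, permission) for AVC records from `comm`."""
    for m in AVC_RE.finditer(text):
        ts, serial, perm, proc = m.groups()
        if proc == comm:
            yield float(ts), int(serial), perm.strip()

def parse_access(text):
    """Yield (epoch_seconds, client_ip, request_line) from common-format lines."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            # %z keeps the logged UTC offset, so times compare correctly with audit epochs.
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield when.timestamp(), m.group(1), m.group(3)

def correlate(audit_text, access_text, window=5.0):
    """Pair each httpd denial with requests received up to `window` seconds before it."""
    requests = list(parse_access(access_text))
    results = []
    for ts, serial, perm in parse_avc(audit_text):
        near = [(ip, req) for t, ip, req in requests if 0 <= ts - t <= window]
        results.append((serial, perm, near))
    return results

if __name__ == "__main__":
    for serial, perm, near in correlate(AUDIT_LOG, ACCESS_LOG):
        print(f"audit serial {serial}: denied {{ {perm} }} <- {near}")
```

A time-window match is circumstantial on a busy server; a narrow window and repeated hits from the same address across several denials make the attribution stronger.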