I just discovered, because setroubleshootd was taking up all my CPU time :D, that there's a script kiddie console on my webserver, which is not only running selinux, but is running it with unconfined mostly off. This amuses me. Not least because it turns out I copied it over from my previous server 0.o, so it's been around for years. I've eliminated the immediate problem, in the form of: iptables -I INPUT -s 180.76.6.0/24 -j DROP iptables -I INPUT -s 180.76.5.0/24 -j DROP but I invite you all to poke at it: http://www.lojban.org/story/bok.php I'm just curious as to whether anyone can get it to do anything *remotely* bad, given my configuration. I'd rather you didn't ruin the machine (although I could certainly recover), but other than that, have at. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. .i ko na cpedu lo nu stidi vau loi jbopre .i danfu lu na go'i li'u .e lu go'i li'u .i ji'a go'i lu na'e go'i li'u .e lu go'i na'i li'u .e lu no'e go'i li'u .e lu to'e go'i li'u .e lu lo mamta be do cu sofybakni li'u -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
