Erm, I meant "SELinux in the wild!" in the subject. :P

-Robin

On Fri, Feb 17, 2012 at 10:48:15PM -0800, Robin Lee Powell wrote:
> I just discovered, because setroubleshootd was taking up all my CPU
> time :D, that there's a script kiddie console on my webserver, which
> is not only running selinux, but is running it with unconfined
> mostly off.
>
> This amuses me. Not least because it turns out I copied it over
> from my previous server 0.o, so it's been around for years.
>
> I've eliminated the immediate problem, in the form of:
>
>     iptables -I INPUT -s 180.76.6.0/24 -j DROP
>     iptables -I INPUT -s 180.76.5.0/24 -j DROP
>
> but I invite you all to poke at it:
>
> http://www.lojban.org/story/bok.php
>
> I'm just curious as to whether anyone can get it to do anything
> *remotely* bad, given my configuration. I'd rather you didn't ruin
> the machine (although I could certainly recover), but other than
> that, have at.
>
> -Robin
>
> --
> http://singinst.org/ : Our last, best hope for a fantastic future.
> .i ko na cpedu lo nu stidi vau loi jbopre .i danfu lu na go'i li'u .e
> lu go'i li'u .i ji'a go'i lu na'e go'i li'u .e lu go'i na'i li'u .e
> lu no'e go'i li'u .e lu to'e go'i li'u .e lu lo mamta be do cu sofybakni li'u
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux