-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/21/2013 04:24 PM, m.roth@xxxxxxxxx wrote: > The sealert tells me that a file named index.cgi is running avc on sysfs_t. > Is there any tool that would get me the *full* path of index.cgi, as there > are several of them, for several websites (including bugzilla)? > > CentOS 6.4. > > mark > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > You can turn on full auditing which should generate the path. I add - -w /etc/shadow to /etc/audit/audit.rules Or you can turn it on temporarily (Until next reboot) auditctl -w /etc/shadow -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJljoMACgkQrlYvE4MpobMmVACgsVbR4KO7eU20bsL2t1QYY22/ byQAoLqmmYSEuCkcYcn+TDjeoO1S2pIc =EKIL -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
