Help with AVC messages
Chuck Anderson, 09-10-2008, 10:31 PM

On Wed, Sep 10, 2008 at 02:15:50PM -0800, Kristen R wrote:
> Last night I had a user's website hacked. The hacker then tried to use httpd to
> access /etc files and directories, as well as the root directory. SELinux
> saved my system.

Excellent!

> I need to make a complaint to the ISP who is providing for this offender. I
> have http access logs and error logs but they don't show very much. Other
> than access which was valid (well, not valid) and 2 entries in the error log.
> Is there a way I can correlate the AVC denials with the malicious attacker? The
> AVC messages do not have time stamps or IP addresses attached to them.

There are timestamps on the AVCs, but they are encoded as
time-since-UNIX-epoch in seconds. You can convert them to human
readable and also narrow down the results with ausearch.

All results, human readable:

ausearch -i

Other options are documented in ausearch(8).

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
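
The correlation asked about in this thread, as an added example that is not part of the original posts: it decodes the epoch timestamp inside each AVC record's audit(...) field and lists the httpd access-log requests logged within a few seconds of each denial. The log lines are constructed samples, and the function names and the 5-second window are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample logs (documentation IP ranges; not from the thread).
AUDIT_LOG = '''\
type=AVC msg=audit(1221027312.417:8841): avc:  denied  { read } for  pid=2874 comm="httpd" name="shadow" dev=dm-0 ino=1048603 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1221030000.002:8902): avc:  denied  { getattr } for  pid=2874 comm="httpd" path="/root" dev=dm-0 ino=2 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
'''
ACCESS_LOG = '''\
192.0.2.44 - - [10/Sep/2008:06:15:11 +0000] "GET /gallery/view.php?id=7 HTTP/1.1" 200 512
198.51.100.9 - - [10/Sep/2008:06:40:02 +0000] "GET /index.html HTTP/1.1" 200 1043
'''

# audit(<epoch seconds>.<ms>:<serial>) carries the record's time and event id.
AVC_RE = re.compile(r'type=AVC msg=audit\((\d+\.\d+):(\d+)\): avc:\s+denied\s+'
                    r'\{ ([^}]+?) \}.*?comm="([^"]+)".*?tcontext=(\S+)')
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

def parse_avcs(text):
    """Yield (UTC datetime, serial, permission, comm, tcontext) per AVC denial."""
    for m in AVC_RE.finditer(text):
        when = datetime.fromtimestamp(float(m.group(1)), tz=timezone.utc)
        yield when, int(m.group(2)), m.group(3), m.group(4), m.group(5)

def parse_access(text):
    """Yield (aware datetime, client IP, request line) per access-log entry."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            # %z keeps the logged UTC offset, so comparison with UTC is exact.
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield when, m.group(1), m.group(3)

def correlate(audit_text, access_text, window_s=5):
    """Pair each denial with the requests logged within window_s seconds of it."""
    requests = list(parse_access(access_text))
    report = []
    for when, serial, perm, comm, tcontext in parse_avcs(audit_text):
        near = [(ip, req) for t, ip, req in requests
                if abs((when - t).total_seconds()) <= window_s]
        report.append((when.strftime("%Y-%m-%d %H:%M:%S UTC"), serial, perm, tcontext, near))
    return report

if __name__ == "__main__":
    for row in correlate(AUDIT_LOG, ACCESS_LOG):
        print(row)
```

Time proximity only narrows the candidate requests; on a busy server several clients can fall inside the same window, so treat a match as a lead to check against the request content rather than as proof.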