Simulating a hacker attack
pedro esteban
pedro.esteba at gmail.com
Tue Sep 27 09:09:33 UTC 2005
Hi, I'm having problems with the audit of denial messages with the
targeted policy.

I'm using runcon with a shell script to simulate what would happen if a
hacker was successful hacking the web server, so I execute the next
command:

    runcon -u system_u -r system_r -t httpd_t /bin/bash

I can only get this to work in permissive mode, because if I execute it
in enforcing mode I get an error (execvp: Permission denied).

When I execute the command in permissive mode and I'm running in the
new "httpd-shell", I execute 'id -Z' and get this:
"system_u:system_r:httpd_t", so I think I'm running in the correct web
server security context.

The problem is that I don't receive any error message in
/var/log/messages when I try to do not-allowed operations (like
deleting a file under /etc).

(I have enabled all auditing with make enableaudit; make load under policy src)

Thanks in advance