A quick avc question - identifying source file
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 21 20:30:17 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/21/2013 04:28 PM, Daniel J Walsh wrote:
> On 10/21/2013 04:24 PM, m.roth at 5-cent.us wrote:
>> The sealert tells me that a file named index.cgi is running avc on
>> sysfs_t. Is there any tool that would get me the *full* path of
>> index.cgi, as there are several of them, for several websites (including
>> bugzilla)?
>
>> CentOS 6.4.
>
>> mark
>
>> -- selinux mailing list selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> You can turn on full auditing which should generate the path.
>
> I add
>
> -w /etc/shadow
>
> to
>
> /etc/audit/audit.rules
>
> Or you can turn it on temporarily (Until next reboot)
>
> auditctl -w /etc/shadow
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Here is a blog I wrote on this a few years back.
http://danwalsh.livejournal.com/34903.html?thread=220247
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJljtkACgkQrlYvE4MpobP5lACgoZcncssFT069dkmUp79yU2MG
v8UAoJhVUx7KMo62PDbig+QNjaCGuyVz
=qmwR
-----END PGP SIGNATURE-----
More information about the selinux
mailing list