Daniel J Walsh wrote:
On 10/21/2013 04:28 PM, Daniel J Walsh wrote:
On 10/21/2013 04:24 PM, m.roth@5-cent.us wrote:
The sealert tells me that a file named index.cgi is running avc on sysfs_t. Is there any tool that would get me the *full* path of index.cgi, as there are several of them, for several websites (including bugzilla)?
CentOS 6.4.
You can turn on full auditing which should generate the path.
<snip>
Or you can turn it on temporarily (Until next reboot)
auditctl -w /etc/shadow
Here is a blog I wrote on this a few years back.
No joy, anywhere. I found some AVC's and looked at the inode... /dev/char/203.11. And the sealert tells me only (for example) SELinux is preventing /usr/bin/perl from read access on the file /sys/devices/system/node/node0/meminfo.
Obviously, index.cgi is in perl....
mark