Simulating a hacker attack

pedro esteban pedro.esteba at
Tue Sep 27 09:09:33 UTC 2005

Hi, im having problems with the audit of denail messages with the
targeted policy

Im using runcon with a shell script to simulate what would happen if a
hacker was successfull hacking the web server, so i execute the next
command:  runcon -u system_u -r system_r -t httpd_t /bin/bash

I can only get this to work in permissive mode because if i execute it
in enforcing mode i get an error (execvp: Permission denied)
When i execute the command in permissive mode and im running in the
new "httpd-shell", i execute 'id -Z' and get this:
"system_u:system_r:httpd_t", so i think i running in the correct web
server security context.

The problem is that i dont recieve any error message in the
/var/log/messages when i try to do not-alloweds operations (like to
delete a  file under /etc)

(I have enabled all-auditing with make enableaudit;makeload under policy src)

thanks in advance

More information about the fedora-selinux-list mailing list