Simulating a hacker attack

Eric Paris eparis at redhat.com
Tue Sep 27 13:55:36 UTC 2005


Are you using a system with auditd?  Check /var/log/audit/audit.log

-Eric

On Tue, 2005-09-27 at 15:31 +0200, pedro esteban wrote:
> > Ok here is how I have simulated what you are trying to do.
> >
> > cp /bin/sh /var/www/httpdsh
> > chcon -t httpd_exec_t /var/www/httpdsh
> >
> > Add the following lines to
> > /etc/selinux/targeted/src/policy/domains/misc/local.te
> >
> >
> > domain_auto_trans(unconfined_t,httpd_exec_t, httpd_t)
> > allow httpd_t devpts_t:chr_file rw_file_perms;
> >
> > cd /etc/selinux/targeted/src/policy/
> > make load
> > setsebool httpd_tty_comm=1
> >
> > Then run
> > /var/www/httpdsh
> > as root.
> >
> >  /var/www/httpdsh
> > httpdsh: /root/.bashrc: Permission denied
> > # id
> > uid=0(root) gid=0(root)
> > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > context=root:system_r:httpd_t:s0-s0:c0.c127
> > # cat /etc/shadow
> > cat: /etc/shadow: Permission denied
> > # cat /var/log/messages
> > cat: /var/log/messages: Permission denied
> 
> OK, finally I have got it to work! Thanks.
> But I still have a problem: when I do a non-allowed operation I cannot
> see the avc denied message in /var/log/messages.  I have
> tried to solve it by compiling with the option "make enableaudit" and
> also by doing the operation in permissive mode, but it still doesn't work.
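
Added example, not part of the original thread: when auditd is running, AVC messages are written to /var/log/audit/audit.log, the file named in the reply above, and this sketch filters audit.log-style records for denials issued against one source domain. The sample records are constructed, and the names `avc_denials`, `AVC_RE` and `FIELD_RE` are hypothetical.

```python
import re

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1127829000.101:31): avc:  denied  { read } for  pid=2411 comm="cat" name="shadow" dev=hda2 ino=98311 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1127829000.101:31): arch=40000003 syscall=5 success=no exit=-13 comm="cat" exe="/bin/cat"
type=AVC msg=audit(1127829004.560:32): avc:  denied  { read } for  pid=2412 comm="cat" name="messages" dev=hda2 ino=65540 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1127829010.002:33): avc:  granted  { setenforce } for  pid=2300 comm="setenforce" scontext=root:system_r:unconfined_t:s0-s0:c0.c127 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Header of an AVC record: timestamp, serial, decision, permission set, then key=value fields.
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<decision>denied|granted)\s+\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type (third colon-separated field) of a security context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def avc_denials(log_text, source_type="httpd_t"):
    """Return denied AVC records whose source context has the given type."""
    results = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line)
        if not m or m.group("decision") != "denied":
            continue  # skip non-AVC records and "granted" entries
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if selinux_type(fields.get("scontext", "")) != source_type:
            continue
        results.append({
            "serial": int(m.group("serial")),
            "perms": m.group("perms").split(),
            "comm": fields.get("comm"),
            "name": fields.get("name"),
            "target_type": selinux_type(fields.get("tcontext", "")),
            "tclass": fields.get("tclass"),
        })
    return results


if __name__ == "__main__":
    for d in avc_denials(SAMPLE_LOG):
        print(d["serial"], d["comm"], d["perms"], d["name"], d["target_type"], d["tclass"])
```
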
