On Tuesday 12 August 2008 15:44, Jancio Wodnik wrote:
Hm. And what about selinux and httpd ? Selinux is securing httpd from this attacks, right ? Selinux was disabled ?
good point, SElinux is set to permissive on this system because we had to get up and running in a hurry and support a lot of legacy apps that do unusual things. apache needs to read/write various config and include files that are in non-standard locations. We tried it enabled and nothing worked.
in the audit.log I am seeing where it wanted to deny the bot a tcp_socket. So that would have been good :/
Maybe enabling selinux but leaving httpd opened up would be appropriate for the time being. Is that possible or advisable? audit2allow wants to allow a lot of things.