On Thu, Oct 1, 2009 at 7:43 PM, Matthew Ife <deleriux@airattack-central.com> wrote:

I would recommend grepping all your http access logs for the timestamp
Sep 30 00:33 and seeing what pages were called. That might lead to some
clues.

Put a auditctl watch to /usr/bin/uptime

On Thu, 2009-10-01 at 18:59 +0200, Dominick Grift wrote:
>
> > >> exe="/usr/bin/uptime" subj=user_u:system_r:httpd_t:s0

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list