Re: Is Wordpress protecting by SELinux?

I'm using this on my prod system:

/usr/share/nginx/html/wordpress/.*\.php            all files          system_u:object_r:httpd_sys_script_exec_t:s0 
/usr/share/nginx/html/wordpress/wp-content         all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/nginx/html/wordpress/wp-content/plugins(/.*)? all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/nginx/html/wordpress/wp-content/themes(/.*)? all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/nginx/html/wordpress/wp-content/upgrade(/.*)? all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/nginx/html/wordpress/wp-content/uploads(/.*)? all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/nginx/html/wordpress/wp-content/wflogs(/.*)? all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/nginx/html/wordpress/wp-includes/.*\.php all files          system_u:object_r:httpd_sys_script_exec_t:s0

Adapt your paths and add your definitions as follows:

semanage fcontext -a -t httpd_sys_script_exec_t '/usr/share/nginx/html/wordpress/.*\.php'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/wordpress/wp-content/plugins(/.*)?'
... 

yada yada

Then apply your changes by doing

restorecon -RFv '/usr/share/nginx/html/'

Check if your context is set properly

ls -laZ /usr/share/nginx/html/wordpress


On 8/31/20 7:01 AM, Roland Müller wrote:
Yes, I think so. The most important piece in SELinux setup is the type which is 'httpd_sys_rw_content_t' which steers the context transitions.

On Sun, Aug 30, 2020 at 18:35, Jason Long <hack3rcon@xxxxxxxxx> wrote:
Hello,
Is my WordPress directory protected by SELinux?

$ ls -lZ /var/www/wordpress/
total 484
drwxrwxr-x. 2 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0   6 Oct 30 2019 cgi-bin
-rwxrwxr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0  53 Oct 21 2019 googlee4e6cdb3b56c49dd.html
-rwxrwxr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 405 Apr 3 22:42 index.php

Thank you.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
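
An added example, not part of the original thread: a label audit to run after the restorecon step, which flags files that carry httpd_sys_rw_content_t outside wp-content and files with a type outside the web-content set. The function name audit_wp_labels, the sample listing and the rule that only wp-content may be writable by httpd are assumptions of this example; the unexpected-type check goes beyond what the thread covers.

```shell
#!/usr/bin/env bash
# Added example: audit SELinux types in a WordPress tree.
# Live input (GNU find, %Z = SELinux context):
#   find /var/www/wordpress -printf '%p %Z\n' | audit_wp_labels /var/www/wordpress

# audit_wp_labels ROOT (hypothetical helper): reads "<path> <context>" lines
# on stdin, prints one finding per line, returns 1 if there was any finding.
audit_wp_labels() {
    awk -v root="${1%/}" '
    {
        ctx = $NF                                   # context is the last field
        path = $0; sub(/[ \t]+[^ \t]+$/, "", path)  # rest is the path (may hold spaces)
        if (path != root && index(path, root "/") != 1) next
        split(ctx, f, ":"); type = f[3]             # user:role:type:level
        rel = substr(path, length(root) + 1)
        if (type == "httpd_sys_rw_content_t") {
            # Assumption: only wp-content should be writable by httpd.
            if (rel !~ /^\/wp-content(\/|$)/) {
                print "RW-OUTSIDE-WP-CONTENT " path; bad = 1
            }
        } else if (type != "httpd_sys_content_t" && type != "httpd_sys_script_exec_t") {
            # e.g. a label carried along by mv from another directory
            print "UNEXPECTED-TYPE " type " " path; bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample listing (not taken from a real host).
sample_listing() {
    cat <<'EOF'
/var/www/wordpress/index.php unconfined_u:object_r:httpd_sys_rw_content_t:s0
/var/www/wordpress/wp-includes/version.php system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/wordpress/wp-content/uploads/2020/08/a b.png system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/wordpress/wp-content-old/x.php system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/wordpress/wp-config.php unconfined_u:object_r:user_home_t:s0
/var/www/wordpress/readme.html system_u:object_r:httpd_sys_content_t:s0
EOF
}

sample_listing | audit_wp_labels /var/www/wordpress || echo "labels need attention"
```

On the constructed listing this reports index.php and wp-content-old/x.php as writable outside wp-content, and wp-config.php as carrying user_home_t.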