SELinux and Apache.

Support for security such as Firewalls and securing linux
hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

SELinux and Apache.

Post by hack3rcon » 2019/05/19 20:25:19

Hello.
I installed Apache and when I browse server IP address then I can see Apache test page. I want to install "Magento" and when I copied "Magento" installation files in "/var/www/html" and browse server IP address then I can't see installation wizard. I guess it is because of SELinux enabled. How can I configure SELinux for "Magento" ?

Thank you.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux and Apache.

Post by TrevorH » 2019/05/19 21:36:10

Run restorecon -RFv /var/ww/html to reset all the bad selinux contexts on the files under /var/www/html.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: SELinux and Apache.

Post by hack3rcon » 2019/05/20 04:56:51

TrevorH wrote:
2019/05/19 21:36:10
Run restorecon -RFv /var/ww/html to reset all the bad selinux contexts on the files under /var/www/html.
Bad SELinux contexts? I guess after this command something is wrong because when I browse "http://IP/phpinfo.php" then it show me:

Code: Select all

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

?>

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: SELinux and Apache.

Post by hack3rcon » 2019/05/20 20:28:17

Any idea?
When a wrong SELinux configuration applied on a directory then how can I restore it to default?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux and Apache.

Post by TrevorH » 2019/05/20 20:38:49

You've fixed your selinux problem but now your web server doesn't know how to run .php files so it is just serving them up to clients as text files (because without a php to run, that's all they are).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: SELinux and Apache.

Post by hack3rcon » 2019/05/21 05:38:08

TrevorH wrote:
2019/05/20 20:38:49
You've fixed your selinux problem but now your web server doesn't know how to run .php files so it is just serving them up to clients as text files (because without a php to run, that's all they are).
My web server has lamp and I can run ".php" files via "php" command.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux and Apache.

Post by TrevorH » 2019/05/21 06:11:30

Good. But you cannot via your web server so you need to fix that.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: SELinux and Apache.

Post by hack3rcon » 2019/05/21 06:29:52

TrevorH wrote:
2019/05/21 06:11:30
Good. But you cannot via your web server so you need to fix that.
I removed "php72" and installed "php72-php" and problem solved.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: SELinux and Apache.

Post by hack3rcon » 2019/05/27 12:23:48

Excuse me, I did

Code: Select all

restorecon -RFv /var/www/html
but I don't that why I can't see "Magento" installation wizard. Can anyone test "Magento"?

Code: Select all

# ls -Z
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 app
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 auth.json.sample
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 bin
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 CHANGELOG.md
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 composer.json
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 composer.lock
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 COPYING.txt
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 dev
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 generated
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 grunt-config.json.sample
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 Gruntfile.js.sample
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 index.php
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 lib
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 LICENSE_AFL.txt
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 LICENSE.txt
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 nginx.conf.sample
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 package.json.sample
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 php.php
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 phpserver
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 pub
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 setup
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 update
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 var
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 vendor

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: SELinux and Apache.

Post by mghe » 2019/05/27 18:24:50

Some of Your folder app should has write to it, so it should have context: httpd_sys_rw_content_t

Read here: https://access.redhat.com/documentation ... ling_files

Post Reply