
Resolved Plesk 12 and SELinux

PriyanA

Regular Pleskian
Hi,

Does Plesk 12 support SELinux?

Does it come with psa-selinux package/policies?

Regards,
Priyan A
 
Yes, this package modifies the SELinux predefined policies configurations to allow Plesk to perform its actions.
 
unfortunately this is not true for plesk 12.5 on centos 7.

running sestatus will reveal the horrible truth:

# sestatus
SELinux status: disabled

:(
 
Hi geegee,

to ENABLE SELinux ( with the predefined policies from your Plesk packages "psa-selinux" ) it is recommended to use the following steps:
Code:
vi /etc/sysconfig/selinux
... and change the settings for example "SELINUX=permissive". Afterwards, a "reboot" is required!

After the reboot, you would check for possible errors, as for example with:
Code:
cat /var/log/messages | grep "SELinux is preventing"
If you don't see any errors, the next step is to set:
Code:
vi /etc/sysconfig/selinux
... and change the settings to for example "SELINUX=enforcing". Another reboot is required!


If you need further help, pls. consider to read ( for CentOS 7 - based systems ): => https://www.digitalocean.com/commun...-to-selinux-on-centos-7-part-1-basic-concepts ( external link, pls. inform me when the link goes dead, so I can provide another working link! )
 

thank you for your response.

by the way, i am well aware how selinux works, that's not what i was talking about.

thing is that i was rather shocked to find out that plesk had disabled it.

still in 2016 a lot of linux tutorials and howto's start by advising to disable selinux because those folks have no clue what it is about and simply advise others to disable one of main security features. this stumps me..

so i was surprised that a fairly large player like plesk also disables SElinux...

either because plesk can't handle selinux or the folks at plesk don't care about security or they don't know how to create policies for it.

whatever the reason... none of them are very assuring if you know what i mean...

on the other hand, maybe plesk runs fine..but the only way to find out is to try it i guess.

i will post my findings here if they are worth it.
 
Does that apply to CloudLinux 7.2 also?

I have Plesk 12.5, with CentOS 7 in the beginning, which enabled SELinux. But I found that sestatus showed disabled after I migrated to CloudLinux. My /etc/sysconfig/selinux is still configured with SELINUX=enforcing, but sestatus always shows disabled.

It looks like the CloudLinux did not support SELinux, can you confirm this?
 
Cross - posting: => http://old.cloudlinux.com/solutions/forum/forum12/topic1317/

Even though the Knowledge Base article might not be up to date ( I have no idea about their own policies ), they state ( => https://helpdesk.cloudlinux.com/ind...s-missing-from-cloudlinux-comparing-to-centos last updated: 03 April 2011 02:31 PM ):

We are trying to maintain very close compatibility to CentOS. Yet, due to some of our kernel changes following things will not work:
  • SELinux
  • Xen
  • NFS 2*
Additionally KVM virtualization wasn't properly tested, and might be broken as well.
Our goal is to restore SELinux functionality, and make sure KVM works.
* NFS 3 and later are supported
 
reporting back,

had selinux in permissive mode for over a month now and more than 60 different issues came up, some that would need custom policies to be generated but to my surprise also really trivial things that can just be fixed by setting a boolean like httpd_can_network_connect.

this tells me that no effort was even made by plesk to support selinux?

strange.
setting bools is dead easy and even generating policies on the fly should be fairly easy to do.

i really don't get it.
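
Added example (not part of the original posts and not Plesk code): a long permissive-mode run like the one reported above is easier to triage when the AVC records are grouped by source type, target type, class and permission, since each group corresponds to one boolean or one policy rule. The log lines are constructed samples in audit.log format, and the function names `sample_avc` and `summarize_avc` are hypothetical.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials so repeated issues collapse into one line.

# Constructed sample records in audit.log format (not from a real server).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1460000001.101:201): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1460000050.412:233): avc:  denied  { name_connect } for  pid=2144 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1460000050.412:233): arch=c000003e syscall=42 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1460000107.007:251): avc:  denied  { read open } for  pid=2150 comm="httpd" name="app.conf" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1460000222.900:290): avc:  denied  { name_connect } for  pid=2201 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1460000301.555:310): avc:  denied  { write } for  pid=990 comm="named" name="zones" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
EOF
}

# Reads audit records on stdin and prints
#   "<count> <source type> <target type> <class> <permissions>"
# with the most frequent group first. Non-AVC records are ignored.
summarize_avc() {
  LC_ALL=C awk '
    /avc: +denied/ && match($0, /[{][^}]*[}]/) {
      # Text between "{ " and " }" is the list of denied permissions.
      perms = substr($0, RSTART + 2, RLENGTH - 4)
      gsub(/ /, ",", perms)
      src = tgt = cls = "?"
      for (i = 1; i <= NF; i++) {
        # A context is user:role:type:level, so the type is the third field.
        if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      n[src " " tgt " " cls " " perms]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_avc | summarize_avc
```

On a server the function can read `/var/log/audit/audit.log` on stdin instead of the sample. A `name_connect` group with source type `httpd_t` is the kind of entry a boolean such as `httpd_can_network_connect` addresses, while the remaining groups are candidates for a custom policy module.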
 
Does anyone know if the latest Onyx version (17.5.3 Update 11) works properly with SELinux enabled on CentOS 7?

If yes, any KB article about this or any special recommendation when installing Onyx with SELinux enabled?

Thanks
 