• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Plesk Panel 11 for Linux (CentOS 6) & SELinux

P

PriyanA

Regular Pleskian
Hi,

I'd like to use SELinux on my VPS (Plesk Panel 11, CentOS 6, Newly Built) as a extra security feature.

Came across many posting that Plesk NOT recommending to use SELinux "Enforcing"

Have anyone successfully done this?

Please post your ideas.
 
PriyanA, there's no sense in blaming SELinux unless you post your relevant audit log file entries and 'plesk' SELinux module version. List of enabled and disabled SELinux booleans may also help track down the issue.

While it's true that there are problems with SELinux support on Plesk servers here and there, clean installation of Plesk should behave well. You may also want to run restorecon on any offending files seen in audit log first.
 
Okay, looks like some kind of trouble with SELinux booleans used by Plesk.

Try:
# getsebool -a | grep httpd_can_bind_all_ports

If it shows that it's off, then try to re-enable nginx as a reverse proxy server:
# /usr/local/psa/admin/bin/nginxmng -d
# /usr/local/psa/admin/bin/nginxmng -e

If there is no output at all (edit: from the getsebool command above), then this most probably means that you have wrong 'plesk' SELinux module version (or none at all), hence in much more trouble than only httpd start problems.

Hope this helps.
 
Glad I could be of assistance.

So your problem is solved? Did you install appropriate version of 'plesk' SELinux module then?
 
Unfortunately, you will have countless problems unless you install proper policy module.

To find out which version of Plesk policy module is installed:
# semodule -l | grep plesk

To manually (re)install current version of Plesk policy:
# semodule -s targeted -i /usr/local/psa/etc/plesk.pp
or maybe without "-s targeted" or with other store depending on your system.

But I recommend just running /usr/local/psa/etc/selinux_policy_upgrade_trigger instead.
 
Nikolay. thank you very much for your support.

Ive seems overcome all the problems and plesk+domains are working fine. i'll post the full steps once my VPS is re-built. hoping it will help someone looking for additional security.
 
You must log in or register to reply here.

Similar threads

B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
242
Sebahat.hadzhi
Sebahat.hadzhi
C
Question Strategic questions
Replies
9
Views
1K
mow
M
Franco
Resolved CentOs2Alma conversion failed - disk space?
Replies
7
Views
1K
Bitpalast
Bitpalast
J.Wick
Forwarded to devs SELinux Interferes with Plesk FTP Backup
Replies
1
Views
826
IgorG
IgorG
herrMartin
Question Does anyone use CrowdSec with Plesk?
Replies
3
Views
2K
Michiel Klaver
Michiel Klaver
Back
Top