• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Plesk Panel 11 for Linux (CentOS 6) & SELinux

P

PriyanA

Regular Pleskian
Hi,

I'd like to use SELinux on my VPS (Plesk Panel 11, CentOS 6, Newly Built) as a extra security feature.

Came across many posting that Plesk NOT recommending to use SELinux "Enforcing"

Have anyone successfully done this?

Please post your ideas.
 
PriyanA, there's no sense in blaming SELinux unless you post your relevant audit log file entries and 'plesk' SELinux module version. List of enabled and disabled SELinux booleans may also help track down the issue.

While it's true that there are problems with SELinux support on Plesk servers here and there, clean installation of Plesk should behave well. You may also want to run restorecon on any offending files seen in audit log first.
 
Okay, looks like some kind of trouble with SELinux booleans used by Plesk.

Try:
# getsebool -a | grep httpd_can_bind_all_ports

If it shows that it's off, then try to re-enable nginx as a reverse proxy server:
# /usr/local/psa/admin/bin/nginxmng -d
# /usr/local/psa/admin/bin/nginxmng -e

If there is no output at all (edit: from the getsebool command above), then this most probably means that you have wrong 'plesk' SELinux module version (or none at all), hence in much more trouble than only httpd start problems.

Hope this helps.
 
Glad I could be of assistance.

So your problem is solved? Did you install appropriate version of 'plesk' SELinux module then?
 
Unfortunately, you will have countless problems unless you install proper policy module.

To find out which version of Plesk policy module is installed:
# semodule -l | grep plesk

To manually (re)install current version of Plesk policy:
# semodule -s targeted -i /usr/local/psa/etc/plesk.pp
or maybe without "-s targeted" or with other store depending on your system.

But I recommend just running /usr/local/psa/etc/selinux_policy_upgrade_trigger instead.
 
Nikolay. thank you very much for your support.

Ive seems overcome all the problems and plesk+domains are working fine. i'll post the full steps once my VPS is re-built. hoping it will help someone looking for additional security.
 
You must log in or register to reply here.

Similar threads

D
Question Is it overkill to use plesk for a single personal project?
Replies
1
Views
2K
scsa20
scsa20
M
Issue Plesk Migration Gets Stuck On Specific Subscription
Replies
0
Views
1K
Matt M
M
K
Question Using Plesk to Host a Web Interface for Stepper Motor Control
Replies
1
Views
3K
Kaspar
K
G
Question Does Plesk on Ubuntu 22.04 support SELinux?
Replies
2
Views
3K
Maarten
M
K
Issue Planified Task not working anymore after upgrading Debian/updating Plesk
Replies
9
Views
5K
Kouenteen
K
Back
Top