• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk Panel 11 for Linux (CentOS 6) & SELinux

P

PriyanA

Regular Pleskian
Hi,

I'd like to use SELinux on my VPS (Plesk Panel 11, CentOS 6, Newly Built) as a extra security feature.

Came across many posting that Plesk NOT recommending to use SELinux "Enforcing"

Have anyone successfully done this?

Please post your ideas.
 
PriyanA, there's no sense in blaming SELinux unless you post your relevant audit log file entries and 'plesk' SELinux module version. List of enabled and disabled SELinux booleans may also help track down the issue.

While it's true that there are problems with SELinux support on Plesk servers here and there, clean installation of Plesk should behave well. You may also want to run restorecon on any offending files seen in audit log first.
 
Okay, looks like some kind of trouble with SELinux booleans used by Plesk.

Try:
# getsebool -a | grep httpd_can_bind_all_ports

If it shows that it's off, then try to re-enable nginx as a reverse proxy server:
# /usr/local/psa/admin/bin/nginxmng -d
# /usr/local/psa/admin/bin/nginxmng -e

If there is no output at all (edit: from the getsebool command above), then this most probably means that you have wrong 'plesk' SELinux module version (or none at all), hence in much more trouble than only httpd start problems.

Hope this helps.
 
Glad I could be of assistance.

So your problem is solved? Did you install appropriate version of 'plesk' SELinux module then?
 
Unfortunately, you will have countless problems unless you install proper policy module.

To find out which version of Plesk policy module is installed:
# semodule -l | grep plesk

To manually (re)install current version of Plesk policy:
# semodule -s targeted -i /usr/local/psa/etc/plesk.pp
or maybe without "-s targeted" or with other store depending on your system.

But I recommend just running /usr/local/psa/etc/selinux_policy_upgrade_trigger instead.
 
Nikolay. thank you very much for your support.

Ive seems overcome all the problems and plesk+domains are working fine. i'll post the full steps once my VPS is re-built. hoping it will help someone looking for additional security.
 
You must log in or register to reply here.

Similar threads

G
Question Does Plesk on Ubuntu 22.04 support SELinux?
Replies
2
Views
1K
Maarten
M
LionKing
Issue Weak Algorithm Warning (DSA1024) for Plesk Repositories on Ubuntu 24.04 LTS
Replies
5
Views
556
LionKing
LionKing
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
2K
HHawk
HHawk
Franco
Resolved CentOs2Alma conversion failed - disk space?
Replies
7
Views
2K
Bitpalast
Bitpalast
C
Question Strategic questions
Replies
9
Views
3K
mow
M
Back
Top