Issue Selinux switches to permissive when updating modsecurity rules

[ivanes82]

Server operating system version

Almalinux 8.10

Plesk version and microupdate number

Plesk Obsidian 18.0.65, #1

Every night only selinux is changed to permissive. The only recent change I have made on the server, was to change the modsecurity ruleset from comodo to Atomic Standard, because comodo for whatever reason does not install correctly and was giving problems. I have been manually setting selinux to forced for several days, but at night it changes back. Today I tried to run plesk daily UpdateModSecurityRuleSet to force the modsecurity update, and at the end I had selinux back to permissive. Is this behavior normal? Does it only happen to me or does it happen to someone else? Thank you very much.

 

[ivanes82]

I have changed the Atomic Standard rules updates from daily to weekly. If tonight doesn't put selinux on permissive, I could say that the modsecurity rules update leaves selinux on permissive. I will comment tomorrow.

 

[ivanes82]

Indeed, by disabling the daily updates of the modsecurity rules, selinux is no longer set to permissive. Is this behavior normal? Is it a generalized bug or does it only affect my server?

 

[ivanes82]

Can no one really help?

 

[ivanes82]

Can someone please tell me if it is normal that when atomicorp modsecurity rules are updated selinux is set to permissive, and once the update is finished selinux is kept in permissive.

Thank you very much.

 

[Sebahat.hadzhi]

Hello, @ivanes82. According to Atomic's team running aum -u should not touch SElinux. Could you please try updating the aum package by running the following command:

aum -uf

After that you may check ausearch log after re-enabling the Atomic standard rule set at Tools&Settings > Web Application Firewall (Mod Security):

ausearch -m avc

I hope that helps.

 

[ivanes82]

Muchas gracias por su respuesta. Al ejecutar aum -u, las reglas se actualizan correctamente y selinux permanece en vigor. Sin embargo, la ejecución diaria de plesk -f UpdateModSecurityRuleSet o su actualización automática todas las noches a través de la programación de plesk hace que selinux permanezca en permisivo.

Muchas gracias. Al menos por el momento mientras se encuentra una solución a esto, puedo desactivar la actualización de plesk y crear un cron job con el comando aum -u.

 

[Sebahat.hadzhi]

Thank you for the update. I have configured a test environment with AlmaLinux 8.10 and Plesk .65 #1 with Atomic daily ruleset updates. I will check it tomorrow and further discuss the case with our team if the same behavior is observed.

 

[ivanes82]

Thank you very much, I am waiting to hear from you, to know if I have to contact plesk technical support for a problem in my server or if it is a general error, and I have to wait for a plesk update with the correction. Thank you very much.

 

[Sebahat.hadzhi]

Thank you for your patience, @ivanes82. Unfortunately, I was unable to reproduce the reported issue on the test environment. The SELinux mode remained intact and set to enforcing. If you have the option, please submit a ticket with our support team so they can further investigate the issue and hopefully suggest a resolution.