![]() Since SELinux was too convoluted to learn it was left in Permissive Mode and put on the backburner.Īn attacker comes across the webpage and finds it’s vulnerable to CVE-2018-7600 During the initial install of the application and its dependencies, the previous SysAdmin set SELinux to Permissive Mode in order to get the web application up and running. Scenario: You have a CentOS webserver running Apache with a vulnerable unpatched version of Drupal. After I’ll discuss how to build a policy that may fit any custom applications. The following section will be a practical example why not enabling Enforcing Mode is a bad idea. It’s not uncommon for System Administrators to just leave it in Permissive Mode for system/application Functionality. ![]() If you need to make any SELinux configuration changes, make sure to reset back to Enforcing Mode. ![]() Once installed and completing any required reboots, check the status with sestatus. Libselinux-utils setroubleshoot-server setools setools-console mcstrans Yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted \
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |