SELinux - PHP-FPM
Persiapan
Proses
# Variable: site domain, used below to build the /var/www/<domain>/html path.
NAMA_DOMAIN="tadah.proxsis.co.id"
# Install the SELinux troubleshooting tools (sealert is used further down).
dnf -y install setroubleshoot-server
# Look for SELinux denial reports already written to the system log.
grep -E 'setroubleshoot|preventing' /var/log/messages
# Follow the log live while reproducing the failing request; this blocks until interrupted.
tail -F /var/log/messages | grep -E 'setroubleshoot|preventing'
# Follow the instructions in the error message.
# The ID after -l is the one from the author's log; substitute the ID printed in your own log entry.
sealert -l b2ea9edd-6c4a-4324-935e-56c0677e13b5
# Print a human-readable reason for every denial found in the audit log.
audit2allow -w -a
# Persistently (-P) enable httpd booleans.
# NOTE(review): each boolean widens what the web server domain may do; enable only those
# that a logged denial actually calls for. httpd_can_network_connect is broader than
# httpd_can_network_connect_db, so if only database access is denied the latter may suffice.
# httpd_read_user_content is presumably needed only while the web root is labelled
# user_home_t; re-evaluate it once the web root has been relabelled — confirm.
setsebool -P httpd_read_user_content 1
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1
# Build a local policy module (my-phpfpm.te and my-phpfpm.pp) from every logged php-fpm denial.
# NOTE(review): the module allows whatever was denied. Read my-phpfpm.te before installing it,
# and drop rules for denials that come from mislabelled files (for example user_home_t content
# under /var/www); those are better fixed by relabelling than by an allow rule.
ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
# Install the generated module.
# NOTE(review): both lines install the same package, once at priority 300 and once at the
# default priority; one of them is presumably enough — confirm which is intended.
semodule -X 300 -i my-phpfpm.pp
semodule -i my-phpfpm.pp
# Restart the web server and PHP-FPM.
systemctl restart httpd php-fpm
# Check before relabelling: compare each entry's current context with the policy default.
# NOTE(review): $NAMA_DOMAIN is unquoted; harmless for a hostname, but it would word-split
# on a value containing whitespace.
matchpathcon -V /var/www/$NAMA_DOMAIN/html/*
/var/www/NAMA_DOMAIN/html/addons has context unconfined_u:object_r:user_home_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
.
.
.
/var/www/NAMA_DOMAIN/html/webservices has context unconfined_u:object_r:user_home_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
# Add a persistent file-context rule: the web root and everything under it is httpd_sys_content_t.
# NOTE(review): httpd_sys_content_t is the type the matchpathcon check reports as expected.
# If the application needs writable directories, label only those separately rather than
# loosening the whole tree — confirm against the application's requirements.
semanage fcontext -a -t httpd_sys_content_t "/var/www/$NAMA_DOMAIN/html(/.*)?"
# Apply the rule to the existing files, recursively (-R), printing each change (-v).
restorecon -Rv /var/www/$NAMA_DOMAIN/html
# Restart the web server and PHP-FPM.
systemctl restart httpd php-fpm
# Re-check: every entry should now be reported as verified.
matchpathcon -V /var/www/$NAMA_DOMAIN/html/*
/var/www/NAMA_DOMAIN/html/addons verified.
.
.
.
/var/www/NAMA_DOMAIN/html/web.config verified.
Penyelesaian
Rujukan