__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
#
# Authors: Dan Walsh <dwalsh@redhat.com>
#
# Copyright (C) 2006 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import gettext
translation=gettext.translation('setroubleshoot-plugins', fallback=True)
_=translation.gettext
import selinux
from setroubleshoot.Plugin import Plugin
class plugin(Plugin):
summary = _('''
SELinux prevented httpd $ACCESS access to http files.
''')
problem_description = _('''
SELinux prevented httpd $ACCESS access to http files.
Ordinarily httpd is allowed full access to all files labeled with http file
context. This machine has a tightened security policy with the $BOOLEAN
turned off, this requires explicit labeling of all files. If a file is
a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order
to be executed. If it is read only content, it needs to be labeled
httpd_TYPE_content_t. If it is writable content, it needs to be labeled
httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the
chcon command to change these context. Please refer to the man page
"man httpd_selinux" or
<a href="http://fedora.redhat.com/docs/selinux-apache-fc3">FAQ</a>
"TYPE" refers to one of "sys", "user" or "staff" or potentially other
script types.
''')
fix_description = _('''
Changing the "$BOOLEAN" boolean to true will allow this access:
"setsebool -P $BOOLEAN=1"
''')
fix_cmd = 'setsebool -P $BOOLEAN=1'
if_text = _("If you want to allow httpd to execute cgi scripts and to unify HTTPD handling of all content files.")
then_text = _("you must tell SELinux about this by enabling the 'httpd_unified' and 'http_enable_cgi' booleans")
do_text = "# setsebool -P httpd_unified=1 httpd_enable_cgi=1"
def __init__(self):
Plugin.__init__(self, __name__)
self.set_priority(8)
def analyze(self, avc):
if (avc.matches_source_types("httpd_t httpd_.*_script_t") and
avc.matches_target_types("httpd_.*t") and
(avc.tclass == "file" or avc.tclass == "dir") and
( not selinux.security_get_boolean_active("httpd_unified")) and
( not selinux.security_get_boolean_active("httpd_enable_cgi"))):
return self.report()
return None
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| __init__.py | File | 2 B | 0644 |
|
| allow_anon_write.py | File | 3.25 KB | 0644 |
|
| allow_execheap.py | File | 2.39 KB | 0644 |
|
| allow_execmem.py | File | 3.07 KB | 0644 |
|
| allow_execmod.py | File | 5.41 KB | 0644 |
|
| allow_execstack.py | File | 4.73 KB | 0644 |
|
| allow_ftpd_use_cifs.py | File | 3.41 KB | 0644 |
|
| allow_ftpd_use_nfs.py | File | 3.3 KB | 0644 |
|
| associate.py | File | 2.15 KB | 0644 |
|
| automount_exec_config.py | File | 2.66 KB | 0644 |
|
| bind_ports.py | File | 2.81 KB | 0644 |
|
| catchall.py | File | 2.89 KB | 0644 |
|
| catchall_boolean.py | File | 2.89 KB | 0644 |
|
| catchall_labels.py | File | 2.2 KB | 0644 |
|
| chrome.py | File | 2.6 KB | 0644 |
|
| connect_ports.py | File | 2.68 KB | 0644 |
|
| cvs_data.py | File | 2.58 KB | 0644 |
|
| dac_override.py | File | 2.1 KB | 0644 |
|
| device.py | File | 2.74 KB | 0644 |
|
| disable_ipv6.py | File | 1.62 KB | 0644 |
|
| file.py | File | 3.21 KB | 0644 |
|
| filesystem_associate.py | File | 2.46 KB | 0644 |
|
| httpd_can_sendmail.py | File | 1.93 KB | 0644 |
|
| httpd_unified.py | File | 2.86 KB | 0644 |
|
| httpd_write_content.py | File | 2.11 KB | 0644 |
|
| kernel_modules.py | File | 2.74 KB | 0644 |
|
| leaks.py | File | 2.49 KB | 0644 |
|
| mmap_zero.py | File | 2.33 KB | 0644 |
|
| mounton.py | File | 2.48 KB | 0644 |
|
| mozplugger.py | File | 2.79 KB | 0644 |
|
| mozplugger_remove.py | File | 2.17 KB | 0644 |
|
| openvpn.py | File | 2.76 KB | 0644 |
|
| public_content.py | File | 2.57 KB | 0644 |
|
| qemu_blk_image.py | File | 2.55 KB | 0644 |
|
| qemu_file_image.py | File | 2.88 KB | 0644 |
|
| restorecon.py | File | 5.34 KB | 0644 |
|
| restorecon_source.py | File | 3.01 KB | 0644 |
|
| rsync_data.py | File | 2.53 KB | 0644 |
|
| samba_share.py | File | 2.94 KB | 0644 |
|
| sandbox_connect.py | File | 2.23 KB | 0644 |
|
| selinuxpolicy.py | File | 3.09 KB | 0644 |
|
| setenforce.py | File | 2.39 KB | 0644 |
|
| sshd_root.py | File | 2.08 KB | 0644 |
|
| swapfile.py | File | 2.23 KB | 0644 |
|
| sys_module.py | File | 2.35 KB | 0644 |
|
| sys_resource.py | File | 2.62 KB | 0644 |
|
| vbetool.py | File | 2.52 KB | 0644 |
|
| wine.py | File | 2.92 KB | 0644 |
|
| xen_image.py | File | 2.8 KB | 0644 |
|