Run Apache in Chroot or use SELinux

194 100+
Hi everyone,

I am not an expert in Linux, but I saw that some people run Apache in a chroot jailed environment so that if the website is ever compromised, the attacker will only have access to its jailed environment.

On the other hand, SELinux is also designed for the same type of job, if I'm not wrong. We need to change the directory's context.

So I'm a bit confused here about what I should use, SELinux or chroot, for Apache.

I am using CentOS 6 / RHEL 6 for this purpose.

Please guide me.

Thanking you.
Mar 2 '12 #1
sicarie
4,677 Expert Mod 4TB
Chroot is the 'old school' method for validating and protecting your system from attack. It may require you to re-create or re-configure access to the directories as well as manually maintain those items that have been upgraded automatically by the system, though that depends on how you originally configured it.

SELinux is a newer and less supported option that controls the interactions between processes, though this is done through policy. SELinux is fully supported on RHEL/CentOS, so you don't need to worry about that; however, you would need to have a very good policy in place to ensure it behaves correctly.

If you do not want/need to change the way chroot behaves, and if you bind mount directories it may be easier than SELinux. However, if you are confident in your ability to create (and keep updated) the policy rules, then SELinux may allow more flexibility to your system.
Mar 5 '12 #2
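To see which of the two mechanisms compared in the post above actually confines a running Apache, the following added example (not part of the thread and not code from any poster) classifies a process from its `/proc/PID/root` target, the `getenforce` mode and its SELinux context. It assumes the RHEL/CentOS targeted policy, where a confined Apache runs in the `httpd_t` domain; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: which confinement layers apply to an Apache process?

# Type (domain) field of an SELinux context "user:role:type:level".
selinux_domain() {
    printf '%s\n' "$1" | cut -d: -f3
}

# classify ROOT_LINK MODE CONTEXT -> chroot+selinux | chroot | selinux | none
#   ROOT_LINK  target of /proc/PID/root ("/" means the process is not chrooted)
#   MODE       output of getenforce: Enforcing, Permissive or Disabled
#   CONTEXT    contents of /proc/PID/attr/current
classify() {
    chrooted=no
    confined=no
    if [ "$1" != "/" ]; then chrooted=yes; fi
    # Permissive mode only logs denials; assumption: targeted policy,
    # where a confined Apache runs in the httpd_t domain.
    if [ "$2" = "Enforcing" ] && [ "$(selinux_domain "$3")" = "httpd_t" ]; then
        confined=yes
    fi
    case "$chrooted/$confined" in
        yes/yes) echo "chroot+selinux" ;;
        yes/no)  echo "chroot" ;;
        no/yes)  echo "selinux" ;;
        *)       echo "none" ;;
    esac
}

# On a real host, as root: classify every running httpd process.
audit_live() {
    mode=$(getenforce 2>/dev/null || echo Disabled)
    for pid in $(pgrep -x httpd); do
        root=$(readlink "/proc/$pid/root")
        ctx=$(cat "/proc/$pid/attr/current" 2>/dev/null | tr -d '\0')
        echo "pid $pid root=$root $(classify "$root" "$mode" "$ctx")"
    done
}

if [ "${1:-}" = "live" ]; then
    audit_live
else
    # Constructed sample values, not taken from a real host.
    classify "/" "Enforcing" "unconfined_u:system_r:httpd_t:s0"
    classify "/chroot/httpd" "Permissive" "unconfined_u:system_r:httpd_t:s0"
fi
```

Run with the argument `live` as root on the server to audit the actual httpd processes; a result of `none` means neither layer is limiting what a compromised site can reach.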
mfaisalwarraich
194 100+
Thanks sicarie for your explanation, it's really helpful. But I have gone through the documentation.

What I have figured out is that if I'm running a website, it means it can't be protected whatsoever, whether it's an SELinux or a chroot environment. In both cases the website may be compromised and the attacker may have access to the website folders.

So in such a case only backups can secure me, which I need to make a proper plan to put in place. However, chroot/SELinux would obviously secure that backup so that the attacker won't get access to it.

I have googled about chroot for Apache but I have not found any good material as yet. If you have any guide about configuring an Apache server in a chroot environment, please link me.

Thank you again.

Regards
Mar 6 '12 #3
sicarie
4,677 Expert Mod 4TB
Yes, security is the process of reviewing, monitoring, and updating the site and resources behind it to ensure risks are known and properly mitigated, monitored, or accepted. I would highly recommend taking whatever you're using (be it a bulletin board system, an Apache server, or your own PHP code) and Google searching 'secure apache' or 'secure php' so that you can address the common issues and keep your site from being 'low hanging fruit.'

I would recommend searching 'rhel configure chroot' or setup instead of configure and seeing what comes up. Most of the docs should be similar, and reading two or three of them should get you going.
Mar 6 '12 #4
