Run Apache in Chroot or use SELinux

194 100+
Hi everyone,

I am not an expert in Linux, but I saw that some people run Apache in a chroot jailed environment so that if the website is ever compromised, the attacker will only have access to its jailed environment.

On the other hand, SELinux is also designed for the same type of job, if I'm not wrong. We need to change the directory's context.

So I'm a bit confused here about what I should use for Apache: SELinux or chroot.

I am using CentOS 6 / RHEL 6 for this purpose.

Please guide me.

Thanking you.
Mar 2 '12 #1
sicarie
4,677 Expert Mod 4TB
Chroot is the 'old school' method for validating and protecting your system from attack. It may require you to re-create or re-configure access to the directories as well as manually maintain those items that have been upgraded automatically by the system, though that depends on how you originally configured it.

SELinux is a newer and less supported option that controls the interactions between processes, though this is done through policy. SELinux is fully supported on RHEL/CentOS, so you don't need to worry about that; however, you would need to have a very good policy in place to ensure it behaves correctly.

If you do not want/need to change the way chroot behaves, and if you bind mount directories it may be easier than SELinux. However, if you are confident in your ability to create (and keep updated) the policy rules, then SELinux may allow more flexibility to your system.
Mar 5 '12 #2
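Added example, not part of the original posts: one way to check that Apache on a RHEL/CentOS host is actually confined by SELinux, by looking at the process domain and the labels on the web content. The sample input is constructed, and the docroot paths `/var/www/html` and `/srv/www` are assumptions.

```shell
#!/bin/sh
# Added example: checks that Apache is actually confined by SELinux.
# Sample data below is constructed, not captured from a real host.

SAMPLE_PS='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
unconfined_u:system_r:httpd_t:s0 2101 ?        00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 2104 ?        00:00:00 httpd
unconfined_u:unconfined_r:unconfined_t:s0 2290 pts/0 00:00:00 httpd'

SAMPLE_LABELS='system_u:object_r:httpd_sys_content_t:s0 /var/www/html
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
unconfined_u:object_r:user_home_t:s0 /var/www/html/upload.php
unconfined_u:object_r:default_t:s0 /srv/www/site'

# stdin: `ps -eZ` output. Prints PIDs of httpd processes whose SELinux
# type (third field of user:role:type:level) is not httpd_t.
unconfined_httpd_pids() {
    awk '$NF == "httpd" {
        split($1, ctx, ":")
        if (ctx[3] != "httpd_t") print $2
    }'
}

# stdin: "context path" lines, as printed by stat -c "%C %n".
# $1: expected type (default httpd_sys_content_t). Prints paths whose
# type differs, e.g. files moved in from a home directory.
mislabeled_paths() {
    awk -v want="${1:-httpd_sys_content_t}" '{
        split($1, ctx, ":")
        if (ctx[3] != want) { sub(/^[^ ]+ +/, ""); print }
    }'
}

# Demo on the constructed samples.
echo "httpd outside httpd_t: $(printf '%s\n' "$SAMPLE_PS" | unconfined_httpd_pids)"
echo "mislabeled content:"
printf '%s\n' "$SAMPLE_LABELS" | mislabeled_paths

# Live use on an SELinux host (docroot paths are assumptions):
#   getenforce                       # expect "Enforcing"
#   ps -eZ | unconfined_httpd_pids
#   find /var/www/html -exec stat -c '%C %n' {} + | mislabeled_paths
# Label a non-default docroot so httpd_t may read it:
#   semanage fcontext -a -t httpd_sys_content_t '/srv/www(/.*)?'
#   restorecon -Rv /srv/www
```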
mfaisalwarraich
194 100+
Thanks sicarie for your explanation, it's really helpful. But I have gone through the documentation.

What I have figured out is that if I'm running a website, it can't be protected whatsoever, whether it's an SELinux or chroot environment. In both cases the website may be compromised and the attacker may have access to the website folders.

So in such a case only backups can secure me, and I need to make a proper plan to put them in place. However, chroot/SELinux would obviously secure that backup so that the attacker won't get access to it.

I have googled about chroot for Apache but I have not found any good material as yet. If you have any guide about configuring an Apache server in a chroot environment, please link me.

Thank you again.

Regards
Mar 6 '12 #3
sicarie
4,677 Expert Mod 4TB
Yes, security is the process of reviewing, monitoring, and updating the site and resources behind it to ensure risks are known and properly mitigated, monitored, or accepted. I would highly recommend taking whatever you're using (be it a bulletin board system, an Apache server, or your own PHP code) and Google searching 'secure apache' or 'secure php' so that you can address the common issues and keep your site from being 'low hanging fruit.'

I would recommend searching 'rhel configure chroot' (or 'setup' instead of 'configure') and seeing what comes up. Most of the docs should be similar, and reading two or three of them should get you going.
Mar 6 '12 #4
