selinux - already configured?

Oxide · Oct 11, 2015

Hello,

All I know about Selinux is that it's nice for people that like security, is this already configured within Centminmod? to work with mysql, nginx and so on?

also does anyone have any suggested suhosin config to share? to disable bad functions etc? here is my current one:
Code:
extension=suhosin.so
suhosin.cookie.encrypt = 1
suhosin.executor.disable_eval = 0
suhosin.get.max_value_length = 2048
suhosin.get.max_vars = 1000
suhosin.memory_limit = 0
suhosin.post.max_value_length = 1000000
suhosin.post.max_vars = 4096
suhosin.post.max_array_index_length = 256
suhosin.post.max_totalname_length = 8192
suhosin.request.max_value_length = 1000000
suhosin.request.max_vars = 4096
suhosin.request.max_varname_length =  384
suhosin.request.max_array_index_length = 256
suhosin.request.max_totalname_length = 8192
suhosin.upload.disallow_binary = 0
suhosin.upload.disallow_elf = 1
suhosin.upload.max_uploads = 25
suhosin.upload.remove_binary = 0
suhosin.executor.func.blacklist="exec,passthru,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source"
not sure if any of those will use a lot of resources

eva2000 · Oct 11, 2015

Selinux is disabled for Centmin Mod to work. See my reply at what is SE-linux and why disable ? | Centmin Mod Community

for suhosin you're on you own but Configuration | SUHOSIN and official docs at Suhosin HOWTOs | SUHOSIN and FAQ at Frequently Asked Questions | SUHOSIN are what you need to read

particular FAQ

Will my application break because Suhosin is too restrictive?
Some people fear that the protections implemented by Suhosin are too restrictive for their applications and that after installing it, their applications stop working. Therefore Suhosin comes with a special configuration option: suhosin.simulation. When this is enabled Suhosin will continue logging violated rules but the actual blocking will not be performed.

How can I find out the problem when my application breaks?
It is a good start to enable Suhosin's logging feature in addition to PHP's logging. See suhosin.log.* in the documentation.
Click to expand...

Oxide · Oct 11, 2015

eva2000 said: ↑

Selinux is disabled for Centmin Mod to work. See my reply at what is SE-linux and why disable ? | Centmin Mod Community

for suhosin you're on you own but Configuration | SUHOSIN and official docs at Suhosin HOWTOs | SUHOSIN and FAQ at Frequently Asked Questions | SUHOSIN are what you need to read

particular FAQ
Click to expand...

yes i've read their documentations, just curious if any other users here use it and have some nice combinations to share for a secure forum and sites, without conflicting stuff

eva2000 · Oct 11, 2015

Oxide said: ↑

yes i've read their documentations, just curious if any other users here use it and have some nice combinations to share for a secure forum and sites, without conflicting stuff
Click to expand...

Would be php web app specific so i suspect would vary from person to person That's what suhosin simulation mode and logging is for

Log in / Register

Forums

Welcome to Centmin Mod Community

selinux - already configured?

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

selinux - already configured?

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

eva2000 Administrator Staff Member

.