Support of SELinux
Attacks to web servers are in increasing. All modern Linux distribution come with SELinux. SELinux is a perfect way to avoid an attacker to get privileged access to the OS. Currently, Plesk is not supporting SELinux.
Support should be added. A policy should be provided to configure SELinux to support all PLESK relevant actions on the server.
Is this still a valid suggestion? We use SELinux in enforcing mode on our Centos/AlmaLinux servers, and it works without issues.
Currently, Plesk supports SELinux in permissive mode, but this doesn't improve security. Please support SELinux in Enforcing mode on all supported linux plattforms (Debian, Ubuntu, CentOS, RHEL, openSUSE).
Major improvements to security:
- Prevent hackers to exploit security related bugs in OS software (PHP exec() command can execute everything under /usr/bin/, /bin)
- Better lock in users with /bin/bash shells
- Disable security related programms like ping, nmap, strace...
- Prevent PHP scripts of opening ports which may be used by some services (IANA registered ports)
- Many other security improvements provided through SELinux
Christian Heutger commented
There are many issues with selinux enabled, so that's no support.
Mike, that is your decision whether to enable SELinux or not. If you enable it, then Plesk works with SELinux
Mike Benson commented
On every CentOS server is SELinux disabled from Plesk. This is not support
Peter Heck commented
Well, a lot of people (like me) are using Debian for that. So Debian support would be nice!