[CentOS] Apache not liking directories outside of /var/www

Jim Perrin jperrin at gmail.com
Fri Jul 31 16:50:40 UTC 2009


On Fri, Jul 31, 2009 at 12:35 PM, Boris Epstein<borepstein at gmail.com> wrote:

> I found an even simplier solution - disabled SELinux. I've got a
> firewall and that is plenty.

No. It's really not. If someone exploits apache, or php, they'll be
coming in via port 80 or 443 which your firewall has helpfully allowed
so that you can run your server. The vast majority of successful
penetrations I've seen are of two types. Brute ssh attacks, and
apache/php exloits.   If you were running mod_security, that might be
slightly more analogous to selinux. I really don't recommend that
people disable selinux simply because they can't be bothered to learn
it.

Real world reasons for selinux on web servers ->
http://www.linuxjournal.com/article/9176


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell



More information about the CentOS mailing list