1

I'm trying to make my Satellite 5.7 server installation more secure. I'd like to turn off the function to run scripts from https://mysatserver/pub/upload/up without breaking Satellite.

The dir looks like this

-rw-r--r--. root   root   unconfined_u:object_r:httpd_sys_content_t:s0 index.html
drwxrwxr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 up
-rw-r--r--. root   root   unconfined_u:object_r:httpd_sys_content_t:s0 upload.php

What I'd like to do is make sure that no scripts can be run under /up.

My thoughts are:

  • Change selinux context type?
  • Is there any settings in the Apache config files that would turn this off?
Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
Squashedlime
  • 11
  • 2
  • Look at your /var/log/audit/audit.log file and run it thorough audit2allow for the relevant module to allow access. – Raman Sailopal Feb 16 '18 at 11:14
  • Hi @RamanSailopal thanks for the answer. But I'd like to remove the ability to run scripts in that dir. But I still need to be able to upload files there. – Squashedlime Feb 19 '18 at 07:52

0 Answers0