Pubblica semplicemente la mia configurazione:
- L'installazione generica di Centos 6 + Virtualmin latest + SELinux, sembra che sia sfruttabile se è semplice Centos o Virtualmin con PHP / Suexec.
/ var / log / httpd:
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 access_log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 access_log-20120805
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 error_log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 error_log-20120930
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 error_log-20121007
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 error_log-20121014
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 error_log-20121021
-rw-r-----. root root system_u:object_r:httpd_log_t:s0 modsec_audit.log
-rw-r-----. root root system_u:object_r:httpd_log_t:s0 modsec_audit.log-20120930
-rw-r-----. root root system_u:object_r:httpd_log_t:s0 modsec_audit.log-20121007
-rw-r-----. root root system_u:object_r:httpd_log_t:s0 modsec_audit.log-20121014
-rw-r-----. root root system_u:object_r:httpd_log_t:s0 modsec_audit.log-20121021
-rw-r-----. root root system_u:object_r:httpd_log_t:s0 modsec_debug.log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_access_log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_access_log-20120805
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_access_log-20120812
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_error_log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_error_log-20120930
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_error_log-20121007
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_error_log-20121014
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_error_log-20121021
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_request_log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_request_log-20120805
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 ssl_request_log-20120812
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 suexec.log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 suexec.log-20120930
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 suexec.log-20121007
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 suexec.log-20121014
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 suexec.log-20121021
PHP viene eseguito su suexec:
unconfined_u:system_r:httpd_suexec_t:s0 502 17648 0.0 4.7 314004 23624 ? Sl Oct21 0:07 /usr/bin/php-cgi
File di log di Vhost:
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 1008958 Oct 24 00:19 blackhatconsulting.co.uk_access_log
-rw-rw----. 1 unconfined_u:object_r:var_log_t:s0 502 48 11592222 Aug 5 03:41 blackhatconsulting.co.uk_access_log-20120805
-rw-rw----. 1 unconfined_u:object_r:var_log_t:s0 502 48 9418101 Aug 12 03:15 blackhatconsulting.co.uk_access_log-20120812
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 207759 Sep 23 03:21 blackhatconsulting.co.uk_access_log-20120923.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 176072 Sep 30 03:36 blackhatconsulting.co.uk_access_log-20120930.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 158753 Oct 7 03:23 blackhatconsulting.co.uk_access_log-20121007.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 170740 Oct 14 03:49 blackhatconsulting.co.uk_access_log-20121014.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 199233 Oct 21 03:43 blackhatconsulting.co.uk_access_log-20121021.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 3972681 Oct 24 00:19 blackhatconsulting.co.uk_error_log
-rw-rw----. 1 unconfined_u:object_r:var_log_t:s0 502 48 715308 Aug 5 03:41 blackhatconsulting.co.uk_error_log-20120805
-rw-rw----. 1 unconfined_u:object_r:var_log_t:s0 502 48 10871995 Aug 12 03:15 blackhatconsulting.co.uk_error_log-20120812
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 21122 Sep 23 03:21 blackhatconsulting.co.uk_error_log-20120923.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 18896 Sep 30 03:36 blackhatconsulting.co.uk_error_log-20120930.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 18423 Oct 7 03:23 blackhatconsulting.co.uk_error_log-20121007.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 18458 Oct 14 03:49 blackhatconsulting.co.uk_error_log-20121014.gz
-rw-rw----. 1 system_u:object_r:var_log_t:s0 502 48 30181 Oct 21 03:43 blackhatconsulting.co.uk_error_log-20121021.gz
E infine, il processo PHP:
lrwx------. 1 unconfined_u:system_r:httpd_suexec_t:s0 502 502 64 Oct 24 00:17 0 -> socket:[331211]
l-wx------. 1 unconfined_u:system_r:httpd_suexec_t:s0 502 502 64 Oct 24 00:17 1 -> /var/log/httpd/error_log
lr-x------. 1 unconfined_u:system_r:httpd_suexec_t:s0 502 502 64 Oct 24 00:17 18 -> pipe:[302590]
l-wx------. 1 unconfined_u:system_r:httpd_suexec_t:s0 502 502 64 Oct 24 00:17 2 -> /var/log/httpd/error_log
l-wx------. 1 unconfined_u:system_r:httpd_suexec_t:s0 502 502 64 Oct 24 00:17 21 -> pipe:[302591]
lrwx------. 1 unconfined_u:system_r:httpd_suexec_t:s0 502 502 64 Oct 24 00:17 4 -> socket:[331227]
E httpd:
r-x------. 1 root root 64 Oct 24 00:26 0 -> /dev/null
l-wx------. 1 root root 64 Oct 24 00:26 1 -> /dev/null
l-wx------. 1 root root 64 Oct 24 00:26 10 -> pipe:[302583]
l-wx------. 1 root root 64 Oct 24 00:26 11 -> /var/log/virtualmin/blackhatconsulting.co.uk_error_log
l-wx------. 1 root root 64 Oct 24 00:26 12 -> /var/log/httpd/ssl_error_log
l-wx------. 1 root root 64 Oct 24 00:26 13 -> /var/log/httpd/access_log
l-wx------. 1 root root 64 Oct 24 00:26 14 -> /var/log/virtualmin/blackhatconsulting.co.uk_access_log
l-wx------. 1 root root 64 Oct 24 00:26 15 -> /var/log/virtualmin/blackhatconsulting.co.uk_access_log
l-wx------. 1 root root 64 Oct 24 00:26 16 -> /var/log/httpd/ssl_access_log
l-wx------. 1 root root 64 Oct 24 00:26 17 -> /var/log/httpd/ssl_request_log
lr-x------. 1 root root 64 Oct 24 00:26 18 -> pipe:[302590]
l-wx------. 1 root root 64 Oct 24 00:26 19 -> pipe:[302590]
l-wx------. 1 root root 64 Oct 24 00:26 2 -> /var/log/httpd/error_log
lr-x------. 1 root root 64 Oct 24 00:26 20 -> pipe:[302591]
l-wx------. 1 root root 64 Oct 24 00:26 21 -> pipe:[302591]
lr-x------. 1 root root 64 Oct 24 00:26 3 -> /dev/urandom
lrwx------. 1 root root 64 Oct 24 00:26 4 -> socket:[271909]
lrwx------. 1 root root 64 Oct 24 00:26 5 -> socket:[271911]
l-wx------. 1 root root 64 Oct 24 00:26 6 -> /var/log/httpd/modsec_debug.log
l-wx------. 1 root root 64 Oct 24 00:26 7 -> /var/log/httpd/modsec_audit.log
lrwx------. 1 root root 64 Oct 24 00:26 8 -> socket:[271913]
lr-x------. 1 root root 64 Oct 24 00:26 9 -> pipe:[302583]
Quindi, senza SELinux, utilizzando Virtualmin su Centos, è possibile accedere ai file di log da PHP senza problemi, poiché vengono eseguiti sullo stesso uid. Tuttavia con SELinux non è possibile perché impedisce di leggere qualsiasi cosa da / var / log usando il processo invocato dalla rete. Anche mod_security non consente di farlo (per passare il codice PHP).