HEX
Server: Apache
System: Linux dinesh8189 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: cgmgerenciamento1 (814285)
PHP: 8.1.26
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /usr/share/setroubleshoot/plugins/__pycache__/
Upload Files
File: //usr/share/setroubleshoot/plugins/__pycache__/httpd_unified.cpython-36.pyc
3

m��au�@sDddlZejddd�ZejZddlZddlmZGdd�de�ZdS)�Nzsetroubleshoot-pluginsT)Zfallback)�Pluginc@sLeZdZed�Zed�Zed�ZdZed�Zed�Z	dZ
dd	�Zd
d�ZdS)
�pluginz?
    SELinux prevented httpd $ACCESS access to http files.
    aZ
    SELinux prevented httpd $ACCESS access to http files.

    Ordinarily httpd is allowed full access to all files labeled with http file
    context.  This machine has a tightened security policy with the $BOOLEAN
    turned off,  this requires explicit labeling of all files.  If a file is
    a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order
    to be executed.  If it is read only content, it needs to be labeled
    httpd_TYPE_content_t. If it is writable content, it needs to be labeled
    httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the
    chcon command to change these context.  Please refer to the man page
    "man httpd_selinux" or
    <a href="http://fedora.redhat.com/docs/selinux-apache-fc3">FAQ</a>
    "TYPE" refers to one of "sys", "user" or "staff" or potentially other
    script types.
    zg
    Changing the "$BOOLEAN" boolean to true will allow this access:
    "setsebool -P $BOOLEAN=1"
    zsetsebool -P $BOOLEAN=1zcIf you want to allow httpd to execute cgi scripts and to unify HTTPD handling of all content files.z_you must tell SELinux about this by enabling the 'httpd_unified' and 'http_enable_cgi' booleansz1# setsebool -P httpd_unified=1 httpd_enable_cgi=1cCstj|t�|jd�dS)N�)r�__init__�__name__Zset_priority)�self�r�2/usr/share/setroubleshoot/plugins/httpd_unified.pyr=szplugin.__init__cCsL|jd�rH|jd�rH|jdks(|jdkrHtjd�rHtjd�rH|j�SdS)Nzhttpd_t httpd_.*_script_tz	httpd_.*t�file�dirZ
httpd_unifiedZhttpd_enable_cgi)Zmatches_source_typesZmatches_target_typesZtclass�selinuxZsecurity_get_boolean_activeZreport)rZavcrrr	�analyzeAs

zplugin.analyzeN)
r�
__module__�__qualname__�_ZsummaryZproblem_descriptionZfix_descriptionZfix_cmdZif_textZ	then_textZdo_textrr
rrrr	rsr)�gettextZtranslationrrZsetroubleshoot.Pluginrrrrrr	�<module>s

@ Telegram