
Detecting if someone has SELinux installed / httpd_can_network_connect enabled

When SELinux is installed there's a setting - httpd_can_network_connect - that often prevents PHP's fsockopen() from making outbound connections when it was instantiated by a request coming in via HTTP.

I would like to be able to see, via PHP, if a system has SELinux / httpd_can_network_connect enabled. If so I'd present the user with a warning saying that this setting could interfere with the page.

I installed SELinux on an Ubuntu machine and although httpd_can_network_connect doesn't even appear to be an option that's available to me, SELinux nonetheless does appear to be installed, and I'm not seeing any indications of it being installed even in the phpinfo() output.

Any ideas?

neubert asked May 16 '15 03:05


2 Answers

Not sure about selinux integration with PHP. You could use the shell command.

$getenforce = trim(shell_exec("getenforce"));
if ($getenforce == "Disabled" or $getenforce == "Permissive") {
    // good to go
}

Although, getenforce may not exist on all Linux systems, so you may want to test the function somehow. Here is something that may work for that:

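// $return receives the exit status of getenforce; $getenforce receives its output lines
exec("getenforce", $getenforce, $return);
// ?? '' avoids an undefined-offset notice if the command printed nothing
if ($return or in_array($getenforce[0] ?? '', array("Disabled", "Permissive"))) {
    // good to go
}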

The return value should be greater than 0 if the user either doesn't have access to the getenforce command or it doesn't exist.

Note: On my system, getenforce is in /usr/sbin, so you may need to specify the full path to getenforce if sbin isn't in the user's include path. There appear to be no restrictions on non-superusers running getenforce from my testing.

Devon answered Sep 29 '22 15:09


There are some PHP bindings for the libselinux userspace library that allow you (among other things) to get SELinux booleans. See php-pecl-selinux in the Fedora project packages archive. Here is the PECL page.

Among other things, it defines the selinux_get_boolean_active function, which should do the job for you; it takes the boolean name and returns a long, or -1 on failure.

There is not much documentation online but you can refer to the libselinux man pages and summary for function signatures.

Hope this helps!

qwattash answered Sep 29 '22 15:09
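
An added example, not part of either answer: a check that reports both the enforcing mode and the httpd_can_network_connect boolean without spawning a shell, using the selinux_get_boolean_active binding when it is loaded and reading selinuxfs otherwise. It assumes selinuxfs is mounted at /sys/fs/selinux and is readable by the PHP process; the helper names parse_selinux_boolean and selinux_status are hypothetical.

```php
<?php
// Added example. Assumption: selinuxfs is mounted at /sys/fs/selinux
// and the web server's PHP process is allowed to read it.

// selinuxfs exposes each boolean as "<current> <pending>", e.g. "0 0".
function parse_selinux_boolean(string $raw): ?bool
{
    return preg_match('/^([01]) [01]\s*$/', $raw, $m) ? $m[1] === '1' : null;
}

// Returns enabled (bool), enforcing (?bool) and boolean (?bool); null = unknown.
function selinux_status(string $boolean, string $root = '/sys/fs/selinux'): array
{
    $status = ['enabled' => false, 'enforcing' => null, 'boolean' => null];

    // The boolean name becomes part of a path, so restrict its alphabet.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $boolean)) {
        throw new InvalidArgumentException('invalid boolean name');
    }

    // "enforce" holds "1" (enforcing) or "0" (permissive); the node is
    // absent when SELinux is disabled or not installed.
    $enforce = @file_get_contents("$root/enforce");
    if ($enforce === false) {
        return $status;
    }
    $status['enabled'] = true;
    $status['enforcing'] = trim($enforce) === '1';

    // Prefer the PECL binding named in the answer above when it is loaded.
    if (function_exists('selinux_get_boolean_active')) {
        $active = selinux_get_boolean_active($boolean);
        $status['boolean'] = (is_int($active) && $active >= 0) ? (bool) $active : null;
    } else {
        $raw = @file_get_contents("$root/booleans/$boolean");
        $status['boolean'] = $raw === false ? null : parse_selinux_boolean($raw);
    }
    return $status;
}

$s = selinux_status('httpd_can_network_connect');
if ($s['enforcing'] && $s['boolean'] === false) {
    echo "Warning: SELinux is enforcing and httpd_can_network_connect is off; "
       . "outbound fsockopen() calls from this page may be denied.\n";
}
```

A null in the boolean field means the policy does not define that boolean or it could not be read, which matches the Ubuntu case in the question, so the page can word its warning differently for "off" and "unknown".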