SELinux and Reverse Shell.

List overview All Threads
Download

newer

older

Selinux for RAMFS implementation

SELinux and Xorg error .

Jason Long

30 Sep 2020 30 Sep '20

8:57 a.m.

Hello, Could SELinux protect a server from Reverse Shell attacks? When hackers access to the CMSes like WordPress then they do a Reverse Shell for access to the server. Could SELinux block it?

Thank you.

Show replies by date

Matthew Miller

30 Sep 30 Sep

9:51 a.m.

On Wed, Sep 30, 2020 at 03:57:56PM +0000, Jason Long wrote:

...

Could SELinux protect a server from Reverse Shell attacks? When hackers access to the CMSes like WordPress then they do a Reverse Shell for access to the server. Could SELinux block it?

Yes, in a number of ways. First, it can constrain the WordPress process so that whatever is needed to get the exploit into WordPress is blocked. Second, even if that hole is wide open, it could prevent such a shell from being launched. And third, it could constrain suspicious outgoing connections, making a reverse shell attack impossible.

-- Matthew Miller mattdm@fedoraproject.org Fedora Project Leader

Lukas Vrabec

11:33 a.m.

On 9/30/20 5:57 PM, Jason Long wrote:

...

Hello, Could SELinux protect a server from Reverse Shell attacks? When hackers access to the CMSes like WordPress then they do a Reverse Shell for access to the server. Could SELinux block it?

Yes, in certain cases SELinux can block the reverse shell. For more info, please see my demo, it's few years old but the point of attack is reverse shell: https://www.youtube.com/watch?v=Ysshrh4aGOs

I hope it helps. Lukas.

...

Thank you. _______________________________________________ selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...

-- Lukas Vrabec SELinux Evangelist, Senior Software Engineer, Security Technologies Red Hat, Inc.

Tracy Reed

2:56 p.m.

On Wed, Sep 30, 2020 at 08:57:56AM PDT, Jason Long spake thusly:

...

Could SELinux protect a server from Reverse Shell attacks? When hackers access to the CMSes like WordPress then they do a Reverse Shell for access to the server. Could SELinux block it?

As the others have said, absolutely. And I've actually seen SELinux protect servers from this sort of thing.

However, you also want to make sure you have egress filtering setup on your firewall. If your server is not supposed to be making outbound connections to strange IP addresses, why let it?

-- Tracy Reed

1368

Age (days ago)

1368

Last active (days ago)

selinux@lists.fedoraproject.org

3 comments

4 participants

tags (0)

participants (4)

Jason Long
Lukas Vrabec
Matthew Miller
Tracy Reed