Hello, Could SELinux protect a server from reverse shell attacks? When hackers gain access to CMSes like WordPress, they then launch a reverse shell to get access to the server. Could SELinux block it?
Thank you.
On Wed, Sep 30, 2020 at 03:57:56PM +0000, Jason Long wrote:
> Could SELinux protect a server from reverse shell attacks? When hackers gain access to CMSes like WordPress, they then launch a reverse shell to get access to the server. Could SELinux block it?
Yes, in a number of ways. First, it can constrain the WordPress process so that whatever is needed to get the exploit into WordPress is blocked. Second, even if that hole is wide open, it could prevent such a shell from being launched. And third, it could constrain suspicious outgoing connections, making a reverse shell attack impossible.
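One way to check, from the defender's side, the first and third points in the reply (is httpd_t allowed to connect out at all, and are callback attempts actually being denied rather than merely logged) is to read the relevant SELinux booleans and the AVC records. The script below is an added example and is not code from the poster or from the SELinux project. It assumes the Fedora/RHEL httpd_* boolean names; the getsebool output and the audit.log lines it reads are constructed samples, and in real use you would feed it the output of `getsebool -a` and `ausearch -m avc --raw` instead.

```python
import re

# Constructed sample of `getsebool -a | grep ^httpd_` output, in the exact
# "name --> on|off" layout getsebool prints. A real run replaces this string.
SAMPLE_GETSEBOOL = """\
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_sendmail --> off
httpd_enable_cgi --> on
httpd_execmem --> off
"""

# Booleans that, when on, widen what code running inside httpd_t can do.
# httpd_can_network_connect is the one that directly permits the outbound
# connection a reverse shell needs; the others widen the domain in other ways.
RISKY_BOOLEANS = {
    "httpd_can_network_connect": "httpd_t may connect to any TCP port (reverse-shell callback allowed)",
    "httpd_can_network_connect_db": "httpd_t may connect to database ports (narrower outbound access)",
    "httpd_can_sendmail": "httpd_t may connect to SMTP ports",
    "httpd_execmem": "httpd_t may map memory that is both writable and executable",
}

# Constructed audit.log records in the layout the kernel writes for AVC denials.
# Record 1: enforcing-mode denial of a callback to port 4444 from php-fpm in httpd_t.
# Record 2: the same denial with permissive=1, so the kernel only logged it.
# Record 3: a denial from a different domain, which the detector must ignore.
# Record 4: a non-AVC record.
SAMPLE_AUDIT = [
    'type=AVC msg=audit(1601481000.101:201): avc:  denied  { name_connect } for  pid=2211 comm="php-fpm" dest=4444 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0',
    'type=AVC msg=audit(1601481000.202:202): avc:  denied  { name_connect } for  pid=2218 comm="php-fpm" dest=4444 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1',
    'type=AVC msg=audit(1601481000.303:203): avc:  denied  { name_connect } for  pid=987 comm="cupsd" dest=631 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:ipp_port_t:s0 tclass=tcp_socket permissive=0',
    'type=USER_START msg=audit(1601481000.404:204): pid=1500 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=\'op=PAM:session_open acct="alice" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success\'',
]


def parse_getsebool(text):
    """Map boolean name -> True/False from getsebool-style 'name --> on|off' lines."""
    state = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+-->\s+(on|off)\s*$", line)
        if m:
            state[m.group(1)] = m.group(2) == "on"
    return state


def weak_booleans(state):
    """Risky booleans that are currently on, sorted by name."""
    return sorted(name for name, on in state.items() if on and name in RISKY_BOOLEANS)


def parse_avc(line):
    """Turn one AVC denial record into a dict of its key=value fields; None for anything else."""
    m = re.search(r"avc:\s+denied\s+\{ ([^}]+) \}", line)
    if m is None:
        return None
    rec = {"perms": m.group(1).split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        rec[key] = val.strip('"')
    # scontext is user:role:type:level; the type is the confined source domain.
    rec["sdomain"] = rec.get("scontext", "::unknown").split(":")[2]
    return rec


def blocked_callbacks(lines, domain="httpd_t"):
    """Outbound TCP connects denied to `domain`: what a stopped reverse shell looks like.

    Returns (pid, comm, dest_port, enforced) tuples. enforced=False means the record
    carries permissive=1: the denial was logged but the connection went through, so
    the policy produced an alert, not a block.
    """
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["sdomain"] != domain:
            continue
        if rec.get("tclass") != "tcp_socket" or "name_connect" not in rec["perms"]:
            continue
        hits.append((int(rec["pid"]), rec["comm"], int(rec.get("dest", "0")),
                     rec.get("permissive") == "0"))
    return hits


def report(getsebool_text, audit_lines):
    """Run both checks and return the finding lines (also what main() prints)."""
    out = []
    weak = weak_booleans(parse_getsebool(getsebool_text))
    if weak:
        for name in weak:
            out.append("WEAK  %s is on: %s" % (name, RISKY_BOOLEANS[name]))
    else:
        out.append("OK    no risky httpd_* boolean is enabled")
    for pid, comm, port, enforced in blocked_callbacks(audit_lines):
        verb = "blocked" if enforced else "LOGGED ONLY (permissive)"
        out.append("%s  callback from %s (pid %d) to tcp/%d" % (verb, comm, pid, port))
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_GETSEBOOL, SAMPLE_AUDIT)))
```

The permissive=1 case is the caveat worth keeping in mind: an AVC record alone does not prove the attack was stopped, only that the policy would have stopped it in enforcing mode, so the check treats those records as alerts rather than blocks.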
On 9/30/20 5:57 PM, Jason Long wrote:
> Hello, Could SELinux protect a server from reverse shell attacks? When hackers gain access to CMSes like WordPress, they then launch a reverse shell to get access to the server. Could SELinux block it?
Yes, in certain cases SELinux can block the reverse shell. For more info, please see my demo; it's a few years old, but the point of the attack is a reverse shell: https://www.youtube.com/watch?v=Ysshrh4aGOs
I hope it helps. Lukas.
Thank you.
_______________________________________________
selinux mailing list -- selinux@lists.fedoraproject.org
To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
On Wed, Sep 30, 2020 at 08:57:56AM PDT, Jason Long spake thusly:
> Could SELinux protect a server from reverse shell attacks? When hackers gain access to CMSes like WordPress, they then launch a reverse shell to get access to the server. Could SELinux block it?
As the others have said, absolutely. And I've actually seen SELinux protect servers from this sort of thing.
However, you also want to make sure you have egress filtering set up on your firewall. If your server is not supposed to be making outbound connections to strange IP addresses, why let it?