On Wed, Sep 30, 2020 at 03:57:56PM +0000, Jason Long wrote:
Could SELinux protect a server from Reverse Shell attacks? When hackers access to the CMSes like WordPress then they do a Reverse Shell for access to the server. Could SELinux block it?
Yes, in a number of ways. First, it can constrain the WordPress process so that whatever is needed to get the exploit into WordPress is blocked. Second, even if that hole is wide open, it could prevent such a shell from being launched. And third, it could constrain suspicious outgoing connections, making a reverse shell attack impossible.