The email gets sent out without issue; however, there are errors in the SELinux audit log regarding Sendmail trying to access the WordFence files.
I'm trying to understand why this is happening. I can't think of a legitimate reason why Sendmail would need to access these files. Maybe this is related to file descriptor leaks? Any insight would be appreciated.
Current Setup:
PHP-FPM with Nginx
SELinux Status
sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
httpd_can_sendmail --> on
[wp-content]# ls -alZ wflogs
drwxr-xr-x. php-fpm php-fpm unconfined_u:object_r:httpd_sys_rw_content_t:s0 .
drwxrwxr-x. php-fpm php-fpm unconfined_u:object_r:httpd_sys_rw_content_t:s0 ..
-rw-------. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 attack-data.php
-rw-------. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 config-livewaf.php
-rw-------. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 config.php
-rw-------. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 config-synced.php
-rw-------. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 config-transient.php
-rw-r--r--. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 GeoLite2-Country.mmdb
-rw-r--r--. php-fpm php-fpm unconfined_u:object_r:httpd_sys_rw_content_t:s0 .htaccess
-rw-------+ php-fpm php-fpm unconfined_u:object_r:httpd_sys_rw_content_t:s0 ips.php
-rw-r--r--. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 rules.php
-rw-------. php-fpm php-fpm system_u:object_r:httpd_sys_rw_content_t:s0 template.php
time->Tue Mar 5 08:46:43 2019
type=PROCTITLE msg=audit(1551800803.236:305729): proctitle=2F7573722F7362696E2F73656E646D61696C002D74002D69
type=SYSCALL msg=audit(1551800803.236:305729): arch=c000003e syscall=59 success=yes exit=0 a0=2550a90 a1=2550b60 a2=254fab0 a3=7ffd00fc8960 items=0 ppid=28697 pid=27626 auid=4294967295 uid=995 gid=993 euid=995 suid=995 fsuid=995 egid=993 sgid=993 fsgid=993 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.postfix" subj=system_u:system_r:system_mail_t:s0 key=(null)
type=AVC msg=audit(1551800803.236:305729): avc: denied { read } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/GeoLite2-Country.mmdb" dev="dm-0" ino=556519 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/config-transient.php" dev="dm-0" ino=556541 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/config-livewaf.php" dev="dm-0" ino=556502 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/config-synced.php" dev="dm-0" ino=900838 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/attack-data.php" dev="dm-0" ino=900837 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/config.php" dev="dm-0" ino=588781 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/ips.php" dev="dm-0" ino=556517 scontext=system_u:system_r:system_mail_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
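An added example, not part of the original post: a small Python parser that groups audit records like those above by event serial, decodes the hex-encoded PROCTITLE, and marks AVC denials logged in the same event as an execve (syscall 59 on x86_64), which is the pattern SELinux produces when it checks file descriptors a process inherits across exec. The sample input is constructed by abridging records from the excerpt, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: records abridged from the audit excerpt in the post.
SAMPLE = """\
type=PROCTITLE msg=audit(1551800803.236:305729): proctitle=2F7573722F7362696E2F73656E646D61696C002D74002D69
type=SYSCALL msg=audit(1551800803.236:305729): arch=c000003e syscall=59 success=yes exit=0 ppid=28697 pid=27626 comm="sendmail" exe="/usr/sbin/sendmail.postfix" subj=system_u:system_r:system_mail_t:s0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/GeoLite2-Country.mmdb" tclass=file permissive=0
type=AVC msg=audit(1551800803.236:305729): avc: denied { read write } for pid=27626 comm="sendmail" path="/var/www/vhosts/wordpress/wp-content/wflogs/config.php" tclass=file permissive=0
"""

RECORD_RE = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)")
EXECVE = {("c000003e", "59")}  # (arch, syscall) for execve on x86_64


def field(body, name):
    """Return the value of name=value (quoted or bare) from a record body."""
    m = re.search(rf'\b{name}=("[^"]*"|\S+)', body)
    return m.group(1).strip('"') if m else None


def decode_proctitle(value):
    """auditd hex-encodes a command line containing NULs; argv is NUL-separated."""
    if value and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", "replace").split("\0")
    return [value]


def summarize(log_text):
    """Group records by event serial: argv, whether it is an exec, denied paths."""
    events = defaultdict(lambda: {"argv": None, "exec": False, "denials": []})
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        ev = events[serial]
        if rtype == "PROCTITLE":
            ev["argv"] = decode_proctitle(field(body, "proctitle"))
        elif rtype == "SYSCALL":
            ev["exec"] = (field(body, "arch"), field(body, "syscall")) in EXECVE
        elif rtype == "AVC" and "denied" in body:
            perms = re.search(r"\{ ([^}]*) \}", body).group(1).split()
            ev["denials"].append((field(body, "path"), perms))
    return dict(events)


if __name__ == "__main__":
    for serial, ev in summarize(SAMPLE).items():
        print(serial, ev["argv"], "exec-time" if ev["exec"] else "runtime")
        for path, perms in ev["denials"]:
            print("  denied", ",".join(perms), path)
```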