CentOS 7, SELinux and Watch My Domains SED

Installing Watch My Domains SED on a CentOS system with SELinux (Security-Enhanced Linux) enabled often requires some extra work.

The Log Folder

Watch My Domains SED requires that the log folder is writable by apache. For this to work you will have to properly set the security context and ownership for the folder.

By default the log folder is at the root of the base installation. If you are installing the application at /var/www/html/wmdsed40, the log folder will be /var/www/html/wmdsed40/logs. You can ofcourse change the location of the log folder by editing the config.php file.

To make the log folder writable you will have to run

chown apache:apache /var/www/html/wmdsed40/logs
chcon -t httpd_sys_rw_content_t /var/www/html/wmdsed40/logs -R

The first command will set the owner of the folder to apache and the second will set the security context so that the folder is readable and writable by apache.

If you set the log folder outside of wmdsed40, you will also need to set httpd_sys_content_t for it.

Changing DocumentRoot

Installing the application to a folder different from the default /var/www/html requires more changes. For example, to install to /home/wmdsed/wmdsed40 you would do…

chcon -R --reference=/var/www/html/ /home/wmdsed/wmdsed40 
chcon -R -t httpd_sys_content_t /home/wmdsed/wmdsed40/ 
semanage fcontext -a -t httpd_sys_content_t "/home/wmdsed/wmdsed40(/.*)?" 
setsebool -P httpd_enable_homedirs true 
chmod 755 /home/wmdsed/wmdsed40

You will have to edit /etc/httpd/httpd.conf and change the DocumentRoot settings. You should also make the log folder writable by apache as mentioned in the previous section.

Net_DNS2

It is a good idea to install Net_DNS2 so that advanced DNS monitoring is possible. You can do this by installing php-pear.

yum -y install php-pear 
pear install Net_DNS2

Setup Cron

Though this is not related to SELinux or CentOS, remember to setup the cron immediately after you install the application. This is essential for the default tables to get initialized.

Verify Installation

You can run the basic diagnostic tool by opening

https://<installpath>/verify.php

in your browser. For example, if your installation is at example.com/wmdsed40, you should open

https://example.com/wmdsed40/verify.php