Information
SELinux booleans allow or disallow behavior specific to the Apache web server. Common examples include whether CGI execution is allowed, or if the httpd server is allowed to communicate with the current terminal (tty). Communication with the terminal, may be necessary for entering a passphrase during start up to decrypt a private key.
Rationale:
Enabling only the necessary httpd related booleans provides a defense in depth approach, that will deny actions that are not in use or expected.
Solution
Perform the following to implement the recommended state:
To disable the SELinux httpd booleans that are determined to be unnecessary, use the setsebool command as shown below with the -P option to make the change persistent.
# setsebool -P httpd_enable_cgi off
# getsebool httpd_enable_cgi
httpd_enable_cgi --> off
Default Value:
SELinux is not enabled by default.