SELinux Enforcement & Server Hardening

By Jakob Ward | December 18, 2025

Version 1.4.3 / Security, Infrastructure & Server Operations

Overview

This update completes a major SELinux enforcement and server hardening initiative across all Hostbotica WordPress and ColdFusion environments. The work standardizes SELinux behavior, modernizes NGINX hosting configuration, and introduces new Hostbotica Remote Control (HRC) tooling to ensure consistent, repeatable security posture moving forward.

Highlights

SELinux Activation & Standardization

  • Activated SELinux enforcing mode across all WordPress and ColdFusion 2023 servers.
  • Completed troubleshooting and remediation of policy conflicts to ensure uninterrupted application operation.
  • Standardized SELinux contexts for WordPress and ColdFusion services.

HRC Tooling Enhancements

  • Created hrc-selinux-wordpress-defaults for managing baseline SELinux contexts on WordPress systems.
  • Updated hrc-server-startup to support SELinux configuration sourced directly from centralized HRC configuration.
  • Updated hrc-server-shutdown to ensure correct handling of NGINX services and SELinux boolean capitalization.

NGINX & Hosting Configuration

  • Converted NGINX to name-based hosting across all environments for improved scalability and configuration clarity.
  • Performed general server and domain cleanup across WordPress and ColdFusion installations.

Server Maintenance & Reliability

  • Applied DNF updates across all virtual machines.
  • Completed security updates and controlled reboot of the production host.
  • Copied VM backups to the master backup system and verified integrity.

Performance & Stability Fixes

  • Tuned PHP-FPM on the WordPress systems to resolve CPU overload conditions.
  • Deployed updated MU-plugins and NGINX configuration changes as part of WordPress maintenance.

Notes

  • All production systems verified under SELinux enforcing mode post-deployment.
  • No service interruptions observed during enforcement, migrations, or reboots.
  • This update lays the groundwork for future automated compliance and hardened default deployments across Hostbotica infrastructure.
Posted in Changelog and tagged , , , , , , , , ,