Overview

This update completes a major SELinux enforcement and server hardening initiative across all Hostbotica WordPress and ColdFusion environments. The work standardizes SELinux behavior, modernizes NGINX hosting configuration, and introduces new Hostbotica Remote Control (HRC) tooling to ensure consistent, repeatable security posture moving forward.

Highlights

SELinux Activation & Standardization

• Activated SELinux enforcing mode across all WordPress and ColdFusion 2023 servers.
• Completed troubleshooting and remediation of policy conflicts to ensure uninterrupted application operation.
• Standardized SELinux contexts for WordPress and ColdFusion services.

HRC Tooling Enhancements

• Created hrc-selinux-wordpress-defaults for managing baseline SELinux contexts on WordPress systems.
• Updated hrc-server-startup to support SELinux configuration sourced directly from centralized HRC configuration.
• Updated hrc-server-shutdown to ensure correct handling of NGINX services and SELinux boolean capitalization.

NGINX & Hosting Configuration

• Converted NGINX to name-based hosting across all environments for improved scalability and configuration clarity.
• Performed general server and domain cleanup across WordPress and ColdFusion installations.

Server Maintenance & Reliability

• Applied DNF updates across all virtual machines.
• Completed security updates and controlled reboot of the production host.
• Copied VM backups to the master backup system and verified integrity.

Performance & Stability Fixes

• Tuned PHP-FPM on the WordPress systems to resolve CPU overload conditions.
• Deployed updated MU-plugins and NGINX configuration changes as part of WordPress maintenance.

Notes

• All production systems verified under SELinux enforcing mode post-deployment.
• No service interruptions observed during enforcement, migrations, or reboots.
• This update lays the groundwork for future automated compliance and hardened default deployments across Hostbotica infrastructure.

The post SELinux Enforcement & Server Hardening appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

• Applied least-privilege policies for web services (httpd)
• Enabled controlled network access (e.g. httpd_can_network_connect) to support outbound service calls
• Documented and standardized SELinux context management for future deployments

Version 1.3.1 / Security & Compliance

The post Enhanced SELinux Security Policies appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.